154100x80000000000000001211712Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:59.806{E265CAAD-213F-60B6-39AB-02000000C601}10172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211706Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:59.004{E265CAAD-213F-60B6-36AB-02000000C601}6884C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211700Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:58.829{E265CAAD-213E-60B6-33AB-02000000C601}6000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211694Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:58.591{E265CAAD-213E-60B6-30AB-02000000C601}10012C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211688Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:58.423{E265CAAD-213E-60B6-2DAB-02000000C601}10508C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211682Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:58.216{E265CAAD-213E-60B6-2AAB-02000000C601}2896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211676Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:58.008{E265CAAD-213E-60B6-27AB-02000000C601}6668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211670Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:57.754{E265CAAD-213D-60B6-24AB-02000000C601}2540C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211664Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:57.560{E265CAAD-213D-60B6-21AB-02000000C601}8972C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211658Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:57.346{E265CAAD-213D-60B6-1EAB-02000000C601}2100C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211652Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:57.146{E265CAAD-213D-60B6-1BAB-02000000C601}13728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211646Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:56.647{E265CAAD-213C-60B6-18AB-02000000C601}5384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211640Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:56.393{E265CAAD-213C-60B6-15AB-02000000C601}5468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211634Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:55.972{E265CAAD-213B-60B6-12AB-02000000C601}5932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211628Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:55.752{E265CAAD-213B-60B6-0FAB-02000000C601}8984C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211622Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:55.483{E265CAAD-213B-60B6-0CAB-02000000C601}10300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211616Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:55.183{E265CAAD-213B-60B6-09AB-02000000C601}6300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211610Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:54.983{E265CAAD-213A-60B6-06AB-02000000C601}6140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211604Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:54.631{E265CAAD-213A-60B6-03AB-02000000C601}5980C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211598Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:54.392{E265CAAD-213A-60B6-00AB-02000000C601}12872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211592Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:54.200{E265CAAD-213A-60B6-FDAA-02000000C601}1512C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211586Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:53.963{E265CAAD-2139-60B6-FAAA-02000000C601}12788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211580Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:53.748{E265CAAD-2139-60B6-F7AA-02000000C601}11108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211574Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:53.399{E265CAAD-2139-60B6-F4AA-02000000C601}8352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211568Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:52.753{E265CAAD-2138-60B6-F1AA-02000000C601}4324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211562Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:52.422{E265CAAD-2138-60B6-EEAA-02000000C601}4720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211556Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:52.092{E265CAAD-2138-60B6-EBAA-02000000C601}2264C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211550Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:51.736{E265CAAD-2137-60B6-E8AA-02000000C601}888C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211544Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:50.830{E265CAAD-2136-60B6-E5AA-02000000C601}6016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211538Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:50.441{E265CAAD-2136-60B6-E2AA-02000000C601}10444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211532Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:49.673{E265CAAD-2135-60B6-DFAA-02000000C601}13236C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211526Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:49.269{E265CAAD-2135-60B6-DCAA-02000000C601}10888C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211520Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:48.938{E265CAAD-2134-60B6-D9AA-02000000C601}4408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211514Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:48.644{E265CAAD-2134-60B6-D6AA-02000000C601}12272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211508Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:48.394{E265CAAD-2134-60B6-D3AA-02000000C601}10340C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211502Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:48.179{E265CAAD-2134-60B6-D0AA-02000000C601}9296C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211496Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:47.943{E265CAAD-2133-60B6-CDAA-02000000C601}8712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211490Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:47.690{E265CAAD-2133-60B6-CAAA-02000000C601}8048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211484Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:47.391{E265CAAD-2133-60B6-C7AA-02000000C601}10164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211478Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:47.036{E265CAAD-2133-60B6-C4AA-02000000C601}8300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211472Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:46.593{E265CAAD-2132-60B6-C1AA-02000000C601}13800C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211466Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:46.342{E265CAAD-2132-60B6-BEAA-02000000C601}13008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211460Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:45.877{E265CAAD-2131-60B6-BBAA-02000000C601}6292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001211454Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:59:45.192{E265CAAD-2131-60B6-B8AA-02000000C601}14308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210878Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:47.239{E265CAAD-20BB-60B6-65AA-02000000C601}4520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210842Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:47.022{E265CAAD-20BB-60B6-5CAA-02000000C601}9396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210819Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:46.812{E265CAAD-20BA-60B6-55AA-02000000C601}7708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210794Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:46.510{E265CAAD-20BA-60B6-4FAA-02000000C601}11488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210762Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:46.015{E265CAAD-20BA-60B6-46AA-02000000C601}10204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210723Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:45.653{E265CAAD-20B9-60B6-3DAA-02000000C601}7432C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210695Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:45.155{E265CAAD-20B9-60B6-35AA-02000000C601}5392C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210676Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:44.872{E265CAAD-20B8-60B6-30AA-02000000C601}6184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210658Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:44.666{E265CAAD-20B8-60B6-2AAA-02000000C601}2640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210637Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:44.432{E265CAAD-20B8-60B6-24AA-02000000C601}6984C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210618Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:44.109{E265CAAD-20B8-60B6-1FAA-02000000C601}612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210600Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:43.879{E265CAAD-20B7-60B6-19AA-02000000C601}13572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210584Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:43.621{E265CAAD-20B7-60B6-14AA-02000000C601}13308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210573Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:43.399{E265CAAD-20B7-60B6-10AA-02000000C601}13956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210552Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:43.058{E265CAAD-20B7-60B6-0AAA-02000000C601}3960C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210531Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:42.803{E265CAAD-20B6-60B6-04AA-02000000C601}4580C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210520Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:42.609{E265CAAD-20B6-60B6-00AA-02000000C601}11808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210514Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:42.386{E265CAAD-20B6-60B6-FDA9-02000000C601}9224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210503Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:42.155{E265CAAD-20B6-60B6-F9A9-02000000C601}12388C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210495Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:41.919{E265CAAD-20B5-60B6-F5A9-02000000C601}9240C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210491Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:41.867{E265CAAD-20B5-60B6-F3A9-02000000C601}13964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210483Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:41.124{E265CAAD-20B5-60B6-EFA9-02000000C601}12604C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210477Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:41.043{E265CAAD-20B5-60B6-ECA9-02000000C601}12192C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210471Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:40.959{E265CAAD-20B4-60B6-E9A9-02000000C601}9152C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210465Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:40.842{E265CAAD-20B4-60B6-E6A9-02000000C601}432C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210461Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:40.797{E265CAAD-20B4-60B6-E4A9-02000000C601}7744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210453Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:40.568{E265CAAD-20B4-60B6-E0A9-02000000C601}8464C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210447Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:40.442{E265CAAD-20B4-60B6-DDA9-02000000C601}6256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210443Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:40.379{E265CAAD-20B4-60B6-DBA9-02000000C601}8980C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210433Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:40.023{E265CAAD-20B4-60B6-D6A9-02000000C601}7456C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210431Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:39.985{E265CAAD-20B3-60B6-D5A9-02000000C601}7264C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210421Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:39.309{E265CAAD-20B3-60B6-D0A9-02000000C601}13200C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210419Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:38.921{E265CAAD-20B2-60B6-CFA9-02000000C601}9104C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210413Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:38.843{E265CAAD-20B2-60B6-CCA9-02000000C601}10920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210405Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:38.553{E265CAAD-20B2-60B6-C8A9-02000000C601}13960C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210397Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:38.419{E265CAAD-20B2-60B6-C4A9-02000000C601}1348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210395Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:38.346{E265CAAD-20B2-60B6-C3A9-02000000C601}9144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210389Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:38.211{E265CAAD-20B2-60B6-C0A9-02000000C601}528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210379Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:37.919{E265CAAD-20B1-60B6-BBA9-02000000C601}6696C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210377Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:37.918{E265CAAD-20B1-60B6-BAA9-02000000C601}2428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210367Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:37.472{E265CAAD-20B1-60B6-B5A9-02000000C601}3088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210365Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:37.379{E265CAAD-20B1-60B6-B4A9-02000000C601}6072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210355Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:37.015{E265CAAD-20B1-60B6-AFA9-02000000C601}9072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210353Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:36.939{E265CAAD-20B0-60B6-AEA9-02000000C601}13140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210343Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:36.521{E265CAAD-20B0-60B6-A9A9-02000000C601}2232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210341Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:36.513{E265CAAD-20B0-60B6-A8A9-02000000C601}8740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210331Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:36.111{E265CAAD-20B0-60B6-A3A9-02000000C601}4068C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210329Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:36.039{E265CAAD-20B0-60B6-A2A9-02000000C601}4064C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210321Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:35.756{E265CAAD-20AF-60B6-9EA9-02000000C601}13556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210315Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:35.589{E265CAAD-20AF-60B6-9BA9-02000000C601}2384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210309Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:35.439{E265CAAD-20AF-60B6-98A9-02000000C601}8144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210301Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:35.239{E265CAAD-20AF-60B6-94A9-02000000C601}4620C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210299Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:35.203{E265CAAD-20AF-60B6-93A9-02000000C601}8252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210289Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:34.905{E265CAAD-20AE-60B6-8EA9-02000000C601}11672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210285Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:34.859{E265CAAD-20AE-60B6-8CA9-02000000C601}11864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210281Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:34.773{E265CAAD-20AE-60B6-8AA9-02000000C601}13204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210271Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:34.432{E265CAAD-20AE-60B6-85A9-02000000C601}13000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210267Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:34.357{E265CAAD-20AE-60B6-83A9-02000000C601}3904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210263Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:34.252{E265CAAD-20AE-60B6-81A9-02000000C601}9708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210253Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:33.969{E265CAAD-20AD-60B6-7CA9-02000000C601}12804C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210251Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:33.870{E265CAAD-20AD-60B6-7BA9-02000000C601}888C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210241Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:33.556{E265CAAD-20AD-60B6-76A9-02000000C601}5944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210236Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:33.462{E265CAAD-20AD-60B6-74A9-02000000C601}12812C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210230Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:33.285{E265CAAD-20AD-60B6-71A9-02000000C601}12724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210222Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:33.167{E265CAAD-20AD-60B6-6DA9-02000000C601}2508C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210220Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:33.112{E265CAAD-20AD-60B6-6CA9-02000000C601}4336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210210Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:32.857{E265CAAD-20AC-60B6-67A9-02000000C601}1528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210206Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:32.765{E265CAAD-20AC-60B6-65A9-02000000C601}8352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210200Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:32.563{E265CAAD-20AC-60B6-62A9-02000000C601}8968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210192Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:32.397{E265CAAD-20AC-60B6-5EA9-02000000C601}8988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210190Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:32.300{E265CAAD-20AC-60B6-5DA9-02000000C601}10380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210182Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:32.096{E265CAAD-20AC-60B6-59A9-02000000C601}13732C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210178Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:32.029{E265CAAD-20AC-60B6-57A9-02000000C601}8400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210168Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:31.745{E265CAAD-20AB-60B6-52A9-02000000C601}8632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210163Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:31.653{E265CAAD-20AB-60B6-50A9-02000000C601}3248C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210157Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:31.499{E265CAAD-20AB-60B6-4DA9-02000000C601}2756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210149Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:31.229{E265CAAD-20AB-60B6-49A9-02000000C601}6836C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210147Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:31.197{E265CAAD-20AB-60B6-48A9-02000000C601}5196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210139Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:30.910{E265CAAD-20AA-60B6-44A9-02000000C601}12600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210131Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:30.719{E265CAAD-20AA-60B6-40A9-02000000C601}7020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210129Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:30.648{E265CAAD-20AA-60B6-3FA9-02000000C601}11836C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210121Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:30.483{E265CAAD-20AA-60B6-3BA9-02000000C601}7544C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210113Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:30.295{E265CAAD-20AA-60B6-37A9-02000000C601}9124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210111Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:30.122{E265CAAD-20AA-60B6-36A9-02000000C601}12948C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210103Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:29.909{E265CAAD-20A9-60B6-32A9-02000000C601}9968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210099Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:29.757{E265CAAD-20A9-60B6-30A9-02000000C601}5072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210089Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:29.533{E265CAAD-20A9-60B6-2BA9-02000000C601}10356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210087Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:29.440{E265CAAD-20A9-60B6-2AA9-02000000C601}7600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210077Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:29.098{E265CAAD-20A9-60B6-25A9-02000000C601}6856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210073Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:28.967{E265CAAD-20A8-60B6-23A9-02000000C601}5520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210067Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:28.750{E265CAAD-20A8-60B6-20A9-02000000C601}3068C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210059Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:28.526{E265CAAD-20A8-60B6-1CA9-02000000C601}13716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210053Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:28.226{E265CAAD-20A8-60B6-19A9-02000000C601}11008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210047Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:28.055{E265CAAD-20A8-60B6-16A9-02000000C601}5728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210041Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:27.766{E265CAAD-20A7-60B6-13A9-02000000C601}9864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210035Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:27.542{E265CAAD-20A7-60B6-10A9-02000000C601}13208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210029Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:27.182{E265CAAD-20A7-60B6-0DA9-02000000C601}7936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210023Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:26.836{E265CAAD-20A6-60B6-0AA9-02000000C601}11380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210014Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:24.711{E265CAAD-20A4-60B6-07A9-02000000C601}10096C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210012Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:23.287{E265CAAD-20A3-60B6-06A9-02000000C601}296C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210006Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:23.061{E265CAAD-20A3-60B6-03A9-02000000C601}13576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001210000Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:22.790{E265CAAD-20A2-60B6-00A9-02000000C601}6356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209994Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:22.611{E265CAAD-20A2-60B6-FDA8-02000000C601}8324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209988Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:22.432{E265CAAD-20A2-60B6-FAA8-02000000C601}6468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209982Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:22.252{E265CAAD-20A2-60B6-F7A8-02000000C601}7288C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209976Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:21.845{E265CAAD-20A1-60B6-F4A8-02000000C601}12920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209970Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:21.487{E265CAAD-20A1-60B6-F1A8-02000000C601}4144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209964Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:21.175{E265CAAD-20A1-60B6-EEA8-02000000C601}5652C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209958Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:20.769{E265CAAD-20A0-60B6-EBA8-02000000C601}4856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209952Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:20.572{E265CAAD-20A0-60B6-E8A8-02000000C601}9352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209946Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:20.370{E265CAAD-20A0-60B6-E5A8-02000000C601}10576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209940Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:20.102{E265CAAD-20A0-60B6-E2A8-02000000C601}8940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209934Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:19.933{E265CAAD-209F-60B6-DFA8-02000000C601}6460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209928Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:19.373{E265CAAD-209F-60B6-DCA8-02000000C601}13088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209922Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:19.197{E265CAAD-209F-60B6-D9A8-02000000C601}8836C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209916Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:18.962{E265CAAD-209E-60B6-D6A8-02000000C601}8080C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209910Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:18.618{E265CAAD-209E-60B6-D3A8-02000000C601}8016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209904Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:18.323{E265CAAD-209E-60B6-D0A8-02000000C601}2572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209898Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:17.875{E265CAAD-209D-60B6-CDA8-02000000C601}8780C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209892Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:17.513{E265CAAD-209D-60B6-CAA8-02000000C601}9544C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209886Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:17.129{E265CAAD-209D-60B6-C7A8-02000000C601}10756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209880Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:57:15.885{E265CAAD-209B-60B6-C4A8-02000000C601}13956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209337Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:47.202{E265CAAD-207F-60B6-7DA8-02000000C601}2384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209329Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:46.788{E265CAAD-207E-60B6-79A8-02000000C601}7608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209323Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:46.540{E265CAAD-207E-60B6-76A8-02000000C601}5788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209317Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:46.238{E265CAAD-207E-60B6-73A8-02000000C601}6636C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209311Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:45.790{E265CAAD-207D-60B6-70A8-02000000C601}3400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209305Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:45.468{E265CAAD-207D-60B6-6DA8-02000000C601}10788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209299Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:45.113{E265CAAD-207D-60B6-6AA8-02000000C601}568C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209293Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:44.665{E265CAAD-207C-60B6-67A8-02000000C601}13556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209287Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:44.294{E265CAAD-207C-60B6-64A8-02000000C601}11752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209176Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:39.109{E265CAAD-2077-60B6-4CA8-02000000C601}11292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209157Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:38.716{E265CAAD-2076-60B6-47A8-02000000C601}7476C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209136Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:38.173{E265CAAD-2076-60B6-41A8-02000000C601}11972C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209113Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:37.552{E265CAAD-2075-60B6-3AA8-02000000C601}2644C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209087Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:36.986{E265CAAD-2074-60B6-33A8-02000000C601}7340C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001209071Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:36.609{E265CAAD-2074-60B6-2EA8-02000000C601}9416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208942Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:35.936{E265CAAD-2073-60B6-28A8-02000000C601}10476C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208924Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:35.609{E265CAAD-2073-60B6-22A8-02000000C601}13208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208908Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:35.226{E265CAAD-2073-60B6-1DA8-02000000C601}3700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208894Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:34.610{E265CAAD-2072-60B6-19A8-02000000C601}4200C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208873Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:34.066{E265CAAD-2072-60B6-13A8-02000000C601}2016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208845Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:33.489{E265CAAD-2071-60B6-0BA8-02000000C601}11400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208818Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:32.972{E265CAAD-2070-60B6-04A8-02000000C601}13628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208805Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:32.476{E265CAAD-2070-60B6-FFA7-02000000C601}9716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208794Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:31.650{E265CAAD-206F-60B6-FBA7-02000000C601}4040C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208784Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:30.941{E265CAAD-206E-60B6-F6A7-02000000C601}2252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208782Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:30.819{E265CAAD-206E-60B6-F5A7-02000000C601}6428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208773Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:30.506{E265CAAD-206E-60B6-F1A7-02000000C601}1432C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208765Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:30.238{E265CAAD-206E-60B6-EDA7-02000000C601}11744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208763Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:30.133{E265CAAD-206E-60B6-ECA7-02000000C601}11120C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208755Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:29.753{E265CAAD-206D-60B6-E8A7-02000000C601}13380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208749Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:29.594{E265CAAD-206D-60B6-E5A7-02000000C601}8396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208741Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:29.425{E265CAAD-206D-60B6-E1A7-02000000C601}11016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208739Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:29.378{E265CAAD-206D-60B6-E0A7-02000000C601}8016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208729Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:29.060{E265CAAD-206D-60B6-DBA7-02000000C601}8260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208727Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:29.003{E265CAAD-206D-60B6-DAA7-02000000C601}13792C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208717Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:28.576{E265CAAD-206C-60B6-D5A7-02000000C601}13308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208713Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:28.435{E265CAAD-206C-60B6-D3A7-02000000C601}9788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208709Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:28.293{E265CAAD-206C-60B6-D1A7-02000000C601}3656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208701Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:28.105{E265CAAD-206C-60B6-CDA7-02000000C601}2444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208695Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:27.886{E265CAAD-206B-60B6-CAA7-02000000C601}13016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208691Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:27.660{E265CAAD-206B-60B6-C8A7-02000000C601}8836C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208681Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:27.436{E265CAAD-206B-60B6-C3A7-02000000C601}5896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208679Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:27.199{E265CAAD-206B-60B6-C2A7-02000000C601}8296C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208671Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:26.418{E265CAAD-206A-60B6-BEA7-02000000C601}2156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208665Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:26.129{E265CAAD-206A-60B6-BBA7-02000000C601}4072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208657Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:25.776{E265CAAD-2069-60B6-B7A7-02000000C601}12564C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208653Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:25.619{E265CAAD-2069-60B6-B5A7-02000000C601}2528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208647Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:25.373{E265CAAD-2069-60B6-B2A7-02000000C601}1180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208614Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:24.949{E265CAAD-2068-60B6-A9A7-02000000C601}6460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208612Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:24.945{E265CAAD-2068-60B6-A8A7-02000000C601}5972C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208576Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:24.591{E265CAAD-2068-60B6-9FA7-02000000C601}10152C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208543Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:24.222{E265CAAD-2068-60B6-96A7-02000000C601}8360C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208541Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:24.211{E265CAAD-2068-60B6-95A7-02000000C601}6016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208407Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:23.673{E265CAAD-2067-60B6-8CA7-02000000C601}4196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208399Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:23.549{E265CAAD-2067-60B6-8AA7-02000000C601}14220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208381Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:23.123{E265CAAD-2067-60B6-84A7-02000000C601}9208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208368Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:22.642{E265CAAD-2066-60B6-7FA7-02000000C601}7968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208366Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:22.632{E265CAAD-2066-60B6-7EA7-02000000C601}7084C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208339Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:21.971{E265CAAD-2065-60B6-77A7-02000000C601}8464C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208318Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:21.659{E265CAAD-2065-60B6-71A7-02000000C601}11712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208311Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:21.356{E265CAAD-2065-60B6-6FA7-02000000C601}6652C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208291Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:20.659{E265CAAD-2064-60B6-68A7-02000000C601}7224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208287Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:20.643{E265CAAD-2064-60B6-66A7-02000000C601}2732C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208238Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:20.079{E265CAAD-2064-60B6-5CA7-02000000C601}9540C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208175Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:19.937{E265CAAD-2063-60B6-5BA7-02000000C601}4380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208112Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:19.549{E265CAAD-2063-60B6-55A7-02000000C601}12368C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208101Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:19.300{E265CAAD-2063-60B6-51A7-02000000C601}5988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208073Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:18.636{E265CAAD-2062-60B6-49A7-02000000C601}9864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208049Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:17.949{E265CAAD-2061-60B6-43A7-02000000C601}4208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208033Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:17.259{E265CAAD-2061-60B6-3DA7-02000000C601}5192C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208027Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:15.942{E265CAAD-205F-60B6-3AA7-02000000C601}13716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208021Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:14.602{E265CAAD-205E-60B6-37A7-02000000C601}8664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208015Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:14.112{E265CAAD-205E-60B6-34A7-02000000C601}10040C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208009Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:13.496{E265CAAD-205D-60B6-31A7-02000000C601}8508C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001208003Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:12.952{E265CAAD-205C-60B6-2EA7-02000000C601}8276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207997Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:12.507{E265CAAD-205C-60B6-2BA7-02000000C601}13632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207946Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:11.870{E265CAAD-205B-60B6-1FA7-02000000C601}7688C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207895Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:11.402{E265CAAD-205B-60B6-13A7-02000000C601}10876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207836Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:10.870{E265CAAD-205A-60B6-06A7-02000000C601}6020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207752Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:10.243{E265CAAD-205A-60B6-F4A6-02000000C601}11008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207709Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:09.807{E265CAAD-2059-60B6-E9A6-02000000C601}8084C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207678Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:09.344{E265CAAD-2059-60B6-E1A6-02000000C601}9924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207645Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:08.593{E265CAAD-2058-60B6-D8A6-02000000C601}10940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207620Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:08.013{E265CAAD-2058-60B6-D0A6-02000000C601}6236C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207618Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:07.998{E265CAAD-2057-60B6-CFA6-02000000C601}11220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207595Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:07.559{E265CAAD-2057-60B6-C8A6-02000000C601}4224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207577Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:07.360{E265CAAD-2057-60B6-C2A6-02000000C601}4064C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207557Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:06.907{E265CAAD-2056-60B6-BCA6-02000000C601}10232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207537Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:06.339{E265CAAD-2056-60B6-B6A6-02000000C601}5752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207506Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:05.809{E265CAAD-2055-60B6-ACA6-02000000C601}11608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207485Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:05.421{E265CAAD-2055-60B6-A6A6-02000000C601}6436C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207462Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:04.982{E265CAAD-2054-60B6-A0A6-02000000C601}3764C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207436Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:04.419{E265CAAD-2054-60B6-97A6-02000000C601}6284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207429Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:04.325{E265CAAD-2054-60B6-95A6-02000000C601}14132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207421Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:04.159{E265CAAD-2054-60B6-92A6-02000000C601}12196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207402Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:03.886{E265CAAD-2053-60B6-8CA6-02000000C601}3392C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207381Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:03.518{E265CAAD-2053-60B6-86A6-02000000C601}7660C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207355Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:03.032{E265CAAD-2053-60B6-7FA6-02000000C601}6484C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207339Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:02.620{E265CAAD-2052-60B6-7AA6-02000000C601}7036C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207320Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:02.222{E265CAAD-2052-60B6-75A6-02000000C601}3656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207301Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:01.640{E265CAAD-2051-60B6-6EA6-02000000C601}10948C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207279Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:00.900{E265CAAD-2050-60B6-67A6-02000000C601}13260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207250Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:56:00.212{E265CAAD-2050-60B6-60A6-02000000C601}10788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207222Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:59.742{E265CAAD-204F-60B6-58A6-02000000C601}7324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207201Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:59.149{E265CAAD-204F-60B6-52A6-02000000C601}6964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207175Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:58.352{E265CAAD-204E-60B6-4BA6-02000000C601}10024C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207165Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:57.798{E265CAAD-204D-60B6-46A6-02000000C601}5840C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207163Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:57.785{E265CAAD-204D-60B6-45A6-02000000C601}5196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207157Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:57.466{E265CAAD-204D-60B6-42A6-02000000C601}14172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207146Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:57.228{E265CAAD-204D-60B6-3EA6-02000000C601}10624C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207142Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:57.152{E265CAAD-204D-60B6-3CA6-02000000C601}8920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207134Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:56.869{E265CAAD-204C-60B6-38A6-02000000C601}5896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207128Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:56.696{E265CAAD-204C-60B6-35A6-02000000C601}3116C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207120Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:56.466{E265CAAD-204C-60B6-31A6-02000000C601}9828C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207108Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:55.952{E265CAAD-204B-60B6-2BA6-02000000C601}4472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207106Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:55.888{E265CAAD-204B-60B6-2AA6-02000000C601}7520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207104Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:55.852{E265CAAD-204B-60B6-29A6-02000000C601}5320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207102Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:55.700{E265CAAD-204B-60B6-28A6-02000000C601}3968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207083Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:55.103{E265CAAD-204B-60B6-1FA6-02000000C601}14244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207081Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:55.038{E265CAAD-204B-60B6-1EA6-02000000C601}11416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207079Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:55.005{E265CAAD-204B-60B6-1DA6-02000000C601}776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207075Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:54.890{E265CAAD-204A-60B6-1BA6-02000000C601}13500C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207063Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:54.215{E265CAAD-204A-60B6-15A6-02000000C601}11932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207061Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:54.159{E265CAAD-204A-60B6-14A6-02000000C601}7460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207059Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:54.122{E265CAAD-204A-60B6-13A6-02000000C601}12772C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207049Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:53.658{E265CAAD-2049-60B6-0EA6-02000000C601}1672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207041Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:53.368{E265CAAD-2049-60B6-0AA6-02000000C601}5472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207039Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:53.278{E265CAAD-2049-60B6-09A6-02000000C601}6768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207033Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:53.070{E265CAAD-2049-60B6-06A6-02000000C601}6184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207023Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:52.699{E265CAAD-2048-60B6-01A6-02000000C601}9456C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207019Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:52.505{E265CAAD-2048-60B6-FFA5-02000000C601}11092C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207015Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:52.325{E265CAAD-2048-60B6-FDA5-02000000C601}11400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207004Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:51.967{E265CAAD-2047-60B6-F8A5-02000000C601}9192C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001207003Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:51.947{E265CAAD-2047-60B6-F7A5-02000000C601}12296C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206993Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:51.652{E265CAAD-2047-60B6-F2A5-02000000C601}11140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206989Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:51.438{E265CAAD-2047-60B6-F0A5-02000000C601}5668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206985Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:51.230{E265CAAD-2047-60B6-EEA5-02000000C601}13320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206975Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:50.776{E265CAAD-2046-60B6-E9A5-02000000C601}12604C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206971Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:50.663{E265CAAD-2046-60B6-E7A5-02000000C601}8632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206965Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:50.370{E265CAAD-2046-60B6-E4A5-02000000C601}6972C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206957Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:49.955{E265CAAD-2045-60B6-E0A5-02000000C601}12320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206955Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:49.815{E265CAAD-2045-60B6-DFA5-02000000C601}612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206947Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:49.455{E265CAAD-2045-60B6-DBA5-02000000C601}8028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206939Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:49.039{E265CAAD-2045-60B6-D7A5-02000000C601}4508C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206937Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:49.012{E265CAAD-2045-60B6-D6A5-02000000C601}8924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206929Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:48.686{E265CAAD-2044-60B6-D2A5-02000000C601}8048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206921Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:48.234{E265CAAD-2044-60B6-CEA5-02000000C601}2736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206919Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:48.202{E265CAAD-2044-60B6-CDA5-02000000C601}7880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206911Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:47.825{E265CAAD-2043-60B6-C9A5-02000000C601}13092C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206903Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:47.518{E265CAAD-2043-60B6-C5A5-02000000C601}5520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206897Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:47.053{E265CAAD-2043-60B6-C2A5-02000000C601}6256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206895Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:46.873{E265CAAD-2042-60B6-C1A5-02000000C601}13808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206887Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:46.618{E265CAAD-2042-60B6-BDA5-02000000C601}7152C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206877Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:46.112{E265CAAD-2042-60B6-B8A5-02000000C601}5884C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206875Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:46.069{E265CAAD-2042-60B6-B7A5-02000000C601}172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206873Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:45.989{E265CAAD-2041-60B6-B6A5-02000000C601}11268C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206863Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:45.304{E265CAAD-2041-60B6-B1A5-02000000C601}6572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206857Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:45.133{E265CAAD-2041-60B6-AEA5-02000000C601}8388C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206853Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:44.937{E265CAAD-2040-60B6-ACA5-02000000C601}11884C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206843Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:44.636{E265CAAD-2040-60B6-A7A5-02000000C601}8384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206841Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:44.612{E265CAAD-2040-60B6-A6A5-02000000C601}11800C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206829Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:44.140{E265CAAD-2040-60B6-A0A5-02000000C601}10904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206827Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:44.109{E265CAAD-2040-60B6-9FA5-02000000C601}10868C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206825Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:44.018{E265CAAD-2040-60B6-9EA5-02000000C601}8104C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206815Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:43.765{E265CAAD-203F-60B6-99A5-02000000C601}9708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206807Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:43.435{E265CAAD-203F-60B6-95A5-02000000C601}4700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206801Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:43.158{E265CAAD-203F-60B6-92A5-02000000C601}4908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206799Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:43.133{E265CAAD-203F-60B6-91A5-02000000C601}12720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206793Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:42.665{E265CAAD-203E-60B6-8EA5-02000000C601}3044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206658Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:41.800{E265CAAD-203D-60B6-8AA5-02000000C601}13644C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206652Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:41.642{E265CAAD-203D-60B6-87A5-02000000C601}9932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206641Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:40.988{E265CAAD-203C-60B6-82A5-02000000C601}13528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206639Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:40.836{E265CAAD-203C-60B6-81A5-02000000C601}14072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206591Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:40.209{E265CAAD-203C-60B6-75A5-02000000C601}8860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206587Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:40.172{E265CAAD-203C-60B6-73A5-02000000C601}5872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206552Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:39.866{E265CAAD-203B-60B6-69A5-02000000C601}12776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206536Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:39.772{E265CAAD-203B-60B6-65A5-02000000C601}13856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206498Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:39.420{E265CAAD-203B-60B6-5AA5-02000000C601}8320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206491Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:39.378{E265CAAD-203B-60B6-58A5-02000000C601}6284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206487Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:39.363{E265CAAD-203B-60B6-56A5-02000000C601}6216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206442Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:38.953{E265CAAD-203A-60B6-4AA5-02000000C601}5248C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206408Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:38.598{E265CAAD-203A-60B6-40A5-02000000C601}2276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206396Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:38.480{E265CAAD-203A-60B6-3EA5-02000000C601}13176C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206392Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:38.452{E265CAAD-203A-60B6-3CA5-02000000C601}10012C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206361Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:38.213{E265CAAD-203A-60B6-32A5-02000000C601}4544C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206347Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:38.142{E265CAAD-203A-60B6-2FA5-02000000C601}10908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206334Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:37.965{E265CAAD-2039-60B6-29A5-02000000C601}9668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206325Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:37.885{E265CAAD-2039-60B6-26A5-02000000C601}6128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206287Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:37.551{E265CAAD-2039-60B6-1CA5-02000000C601}10180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206283Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:37.506{E265CAAD-2039-60B6-1BA5-02000000C601}7232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206261Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:37.356{E265CAAD-2039-60B6-13A5-02000000C601}11260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206246Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:37.115{E265CAAD-2039-60B6-0FA5-02000000C601}7280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206118Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.839{E265CAAD-2038-60B6-08A5-02000000C601}8668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206114Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.759{E265CAAD-2038-60B6-06A5-02000000C601}13804C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206109Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.706{E265CAAD-2038-60B6-05A5-02000000C601}13144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206095Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.612{E265CAAD-2038-60B6-FEA4-02000000C601}6256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206089Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.555{E265CAAD-2038-60B6-FBA4-02000000C601}10464C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206081Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.516{E265CAAD-2038-60B6-F7A4-02000000C601}744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206073Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.438{E265CAAD-2038-60B6-F3A4-02000000C601}14060C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206071Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.393{E265CAAD-2038-60B6-F2A4-02000000C601}1488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206069Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.377{E265CAAD-2038-60B6-F1A4-02000000C601}7724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206063Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.302{E265CAAD-2038-60B6-EEA4-02000000C601}1096C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206055Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.262{E265CAAD-2038-60B6-EAA4-02000000C601}12544C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206049Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.216{E265CAAD-2038-60B6-E7A4-02000000C601}8208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206041Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.157{E265CAAD-2038-60B6-E3A4-02000000C601}11744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206033Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.072{E265CAAD-2038-60B6-DFA4-02000000C601}14252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206027Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:36.046{E265CAAD-2038-60B6-DCA4-02000000C601}5716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206021Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.950{E265CAAD-2037-60B6-D9A4-02000000C601}8836C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206015Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.913{E265CAAD-2037-60B6-D6A4-02000000C601}1692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206005Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.794{E265CAAD-2037-60B6-D1A4-02000000C601}11088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001206001Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.786{E265CAAD-2037-60B6-CFA4-02000000C601}10172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205999Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.776{E265CAAD-2037-60B6-CEA4-02000000C601}8908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205995Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.746{E265CAAD-2037-60B6-CCA4-02000000C601}10228C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205988Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.713{E265CAAD-2037-60B6-C9A4-02000000C601}13012C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205982Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.674{E265CAAD-2037-60B6-C6A4-02000000C601}1864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205980Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.657{E265CAAD-2037-60B6-C5A4-02000000C601}13868C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205967Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.447{E265CAAD-2037-60B6-BFA4-02000000C601}6940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205965Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.419{E265CAAD-2037-60B6-BEA4-02000000C601}2016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205953Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.328{E265CAAD-2037-60B6-B8A4-02000000C601}7728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205947Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.297{E265CAAD-2037-60B6-B5A4-02000000C601}4744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205939Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.179{E265CAAD-2037-60B6-B1A4-02000000C601}6648C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205933Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.139{E265CAAD-2037-60B6-AEA4-02000000C601}5040C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205927Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.096{E265CAAD-2037-60B6-ABA4-02000000C601}4792C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205921Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.016{E265CAAD-2037-60B6-A8A4-02000000C601}12972C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205919Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.000{E265CAAD-2037-60B6-A6A4-02000000C601}11100C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205917Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:35.010{E265CAAD-2037-60B6-A7A4-02000000C601}568C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205913Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.985{E265CAAD-2036-60B6-A4A4-02000000C601}9992C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205904Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.927{E265CAAD-2036-60B6-A1A4-02000000C601}8924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205894Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.876{E265CAAD-2036-60B6-9DA4-02000000C601}12908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205874Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.535{E265CAAD-2036-60B6-93A4-02000000C601}8688C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205872Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.496{E265CAAD-2036-60B6-90A4-02000000C601}8408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205867Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.503{E265CAAD-2036-60B6-92A4-02000000C601}8160C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205860Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.424{E265CAAD-2036-60B6-8CA4-02000000C601}7152C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205858Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.406{E265CAAD-2036-60B6-8BA4-02000000C601}6752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205854Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.274{E265CAAD-2036-60B6-87A4-02000000C601}8288C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205844Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.248{E265CAAD-2036-60B6-84A4-02000000C601}9436C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205838Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.209{E265CAAD-2036-60B6-81A4-02000000C601}13092C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205834Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.172{E265CAAD-2036-60B6-7FA4-02000000C601}13372C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205826Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.108{E265CAAD-2036-60B6-7BA4-02000000C601}2316C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205818Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:34.049{E265CAAD-2036-60B6-77A4-02000000C601}11588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205808Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.965{E265CAAD-2035-60B6-73A4-02000000C601}11796C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205804Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.905{E265CAAD-2035-60B6-70A4-02000000C601}4724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205798Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.839{E265CAAD-2035-60B6-6DA4-02000000C601}14156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205789Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.760{E265CAAD-2035-60B6-69A4-02000000C601}2736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205785Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.722{E265CAAD-2035-60B6-67A4-02000000C601}11360C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205781Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.711{E265CAAD-2035-60B6-65A4-02000000C601}3932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205777Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.668{E265CAAD-2035-60B6-63A4-02000000C601}11664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205773Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.643{E265CAAD-2035-60B6-61A4-02000000C601}14136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205767Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.586{E265CAAD-2035-60B6-5EA4-02000000C601}9320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205755Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.455{E265CAAD-2035-60B6-58A4-02000000C601}212C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205747Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.399{E265CAAD-2035-60B6-54A4-02000000C601}10444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205741Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.330{E265CAAD-2035-60B6-51A4-02000000C601}4048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205739Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.318{E265CAAD-2035-60B6-50A4-02000000C601}2528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205733Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.275{E265CAAD-2035-60B6-4DA4-02000000C601}2208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205729Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.228{E265CAAD-2035-60B6-4BA4-02000000C601}9816C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205723Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.172{E265CAAD-2035-60B6-48A4-02000000C601}12056C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205713Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.059{E265CAAD-2035-60B6-43A4-02000000C601}6984C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205711Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:33.044{E265CAAD-2035-60B6-42A4-02000000C601}5824C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205703Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.959{E265CAAD-2034-60B6-3EA4-02000000C601}13772C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205697Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.917{E265CAAD-2034-60B6-3BA4-02000000C601}1728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205693Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.875{E265CAAD-2034-60B6-39A4-02000000C601}12024C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205689Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.862{E265CAAD-2034-60B6-37A4-02000000C601}4436C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205679Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.769{E265CAAD-2034-60B6-32A4-02000000C601}7696C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205673Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.730{E265CAAD-2034-60B6-2FA4-02000000C601}6944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205669Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.697{E265CAAD-2034-60B6-2DA4-02000000C601}9124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205665Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.651{E265CAAD-2034-60B6-2BA4-02000000C601}7216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205659Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.599{E265CAAD-2034-60B6-28A4-02000000C601}11372C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205657Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.583{E265CAAD-2034-60B6-27A4-02000000C601}5364C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205649Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.498{E265CAAD-2034-60B6-23A4-02000000C601}8964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205643Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.440{E265CAAD-2034-60B6-20A4-02000000C601}1040C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205633Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.295{E265CAAD-2034-60B6-1BA4-02000000C601}10488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205631Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.269{E265CAAD-2034-60B6-1AA4-02000000C601}8944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205621Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.128{E265CAAD-2034-60B6-15A4-02000000C601}7536C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205615Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.078{E265CAAD-2034-60B6-12A4-02000000C601}13556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205609Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.027{E265CAAD-2034-60B6-0FA4-02000000C601}13008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205605Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:32.010{E265CAAD-2034-60B6-0DA4-02000000C601}13404C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205599Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.955{E265CAAD-2033-60B6-0AA4-02000000C601}9608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205593Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.921{E265CAAD-2033-60B6-07A4-02000000C601}5380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205587Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.841{E265CAAD-2033-60B6-04A4-02000000C601}13808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205577Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.720{E265CAAD-2033-60B6-FFA3-02000000C601}12320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205569Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.663{E265CAAD-2033-60B6-FBA3-02000000C601}12988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205563Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.620{E265CAAD-2033-60B6-F8A3-02000000C601}8800C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205557Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.587{E265CAAD-2033-60B6-F5A3-02000000C601}11592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205555Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.546{E265CAAD-2033-60B6-F3A3-02000000C601}12032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205549Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.488{E265CAAD-2033-60B6-F1A3-02000000C601}5840C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205543Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.370{E265CAAD-2033-60B6-EEA3-02000000C601}11772C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205539Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.328{E265CAAD-2033-60B6-ECA3-02000000C601}14132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205531Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.237{E265CAAD-2033-60B6-E8A3-02000000C601}11672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205523Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.141{E265CAAD-2033-60B6-E4A3-02000000C601}9828C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-2027-60B6-5FA3-02000000C601}8484C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205521Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:31.101{E265CAAD-2033-60B6-E3A3-02000000C601}3400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205517Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:30.931{E265CAAD-2032-60B6-E1A3-02000000C601}5788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205515Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:30.889{E265CAAD-2032-60B6-E0A3-02000000C601}9964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205504Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:30.522{E265CAAD-2032-60B6-DBA3-02000000C601}5032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205497Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:30.372{E265CAAD-2032-60B6-D8A3-02000000C601}8792C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205491Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:30.059{E265CAAD-2032-60B6-D5A3-02000000C601}7132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205485Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:29.876{E265CAAD-2031-60B6-D2A3-02000000C601}3408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205477Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:29.342{E265CAAD-2031-60B6-CEA3-02000000C601}4180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205475Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:29.311{E265CAAD-2031-60B6-CDA3-02000000C601}9396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205467Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:29.089{E265CAAD-2031-60B6-C9A3-02000000C601}11916C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205459Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:28.858{E265CAAD-2030-60B6-C5A3-02000000C601}7836C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205457Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:28.768{E265CAAD-2030-60B6-C4A3-02000000C601}10956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205434Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:27.441{E265CAAD-202F-60B6-BDA3-02000000C601}10680C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205405Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:27.115{E265CAAD-202F-60B6-B6A3-02000000C601}13908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205377Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:26.715{E265CAAD-202E-60B6-AEA3-02000000C601}9412C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205360Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:26.532{E265CAAD-202E-60B6-AAA3-02000000C601}12076C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205335Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:26.169{E265CAAD-202E-60B6-A2A3-02000000C601}13260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205329Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:26.045{E265CAAD-202E-60B6-9FA3-02000000C601}3496C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205318Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:25.782{E265CAAD-202D-60B6-9BA3-02000000C601}11464C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205311Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:25.526{E265CAAD-202D-60B6-99A3-02000000C601}6484C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205296Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:25.335{E265CAAD-202D-60B6-93A3-02000000C601}2300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205278Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:24.298{E265CAAD-202C-60B6-8DA3-02000000C601}9656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205276Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:24.278{E265CAAD-202C-60B6-8CA3-02000000C601}9048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205258Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:23.812{E265CAAD-202B-60B6-86A3-02000000C601}688C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205252Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:23.576{E265CAAD-202B-60B6-83A3-02000000C601}13452C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205239Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:23.038{E265CAAD-202B-60B6-7EA3-02000000C601}8684C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205234Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:23.000{E265CAAD-202B-60B6-7DA3-02000000C601}13844C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205217Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:22.282{E265CAAD-202A-60B6-76A3-02000000C601}12764C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205212Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:22.186{E265CAAD-202A-60B6-75A3-02000000C601}13568C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205199Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:21.827{E265CAAD-2029-60B6-70A3-02000000C601}14304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205188Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:21.543{E265CAAD-2029-60B6-6CA3-02000000C601}12724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205169Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:21.367{E265CAAD-2029-60B6-69A3-02000000C601}13348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205151Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:19.738{E265CAAD-2027-60B6-63A3-02000000C601}8128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205024Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:19.347{E265CAAD-2027-60B6-60A3-02000000C601}2100C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001205000Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:18.905{E265CAAD-2026-60B6-56A3-02000000C601}4348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204996Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:18.762{E265CAAD-2026-60B6-54A3-02000000C601}6348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204983Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:18.463{E265CAAD-2026-60B6-4FA3-02000000C601}13720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204977Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:18.256{E265CAAD-2026-60B6-4CA3-02000000C601}12248C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204959Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:17.779{E265CAAD-2025-60B6-46A3-02000000C601}11896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204957Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:17.701{E265CAAD-2025-60B6-45A3-02000000C601}2592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204942Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:16.986{E265CAAD-2024-60B6-3FA3-02000000C601}13356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204937Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:16.840{E265CAAD-2024-60B6-3EA3-02000000C601}7988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204920Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:16.231{E265CAAD-2024-60B6-37A3-02000000C601}12640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204918Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:16.182{E265CAAD-2024-60B6-36A3-02000000C601}10544C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204900Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:15.773{E265CAAD-2023-60B6-30A3-02000000C601}9292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204894Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:15.658{E265CAAD-2023-60B6-2DA3-02000000C601}12140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204885Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:15.436{E265CAAD-2023-60B6-2AA3-02000000C601}13060C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204875Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:15.186{E265CAAD-2023-60B6-25A3-02000000C601}5760C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204866Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:14.982{E265CAAD-2022-60B6-22A3-02000000C601}12132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204853Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:14.622{E265CAAD-2022-60B6-1DA3-02000000C601}7012C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204851Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:14.588{E265CAAD-2022-60B6-1CA3-02000000C601}11008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204836Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:14.132{E265CAAD-2022-60B6-16A3-02000000C601}13996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204827Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:14.045{E265CAAD-2022-60B6-13A3-02000000C601}4540C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204823Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:13.941{E265CAAD-2021-60B6-11A3-02000000C601}12488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204810Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:13.689{E265CAAD-2021-60B6-0CA3-02000000C601}8256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204804Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:13.549{E265CAAD-2021-60B6-09A3-02000000C601}11336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204793Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:13.252{E265CAAD-2021-60B6-05A3-02000000C601}6184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204782Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:12.875{E265CAAD-2020-60B6-01A3-02000000C601}10892C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204769Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:12.515{E265CAAD-2020-60B6-FCA2-02000000C601}1252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204765Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:12.442{E265CAAD-2020-60B6-FAA2-02000000C601}2068C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204754Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:12.286{E265CAAD-2020-60B6-F6A2-02000000C601}14232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204750Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:12.151{E265CAAD-2020-60B6-F4A2-02000000C601}9536C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204730Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:11.451{E265CAAD-201F-60B6-EDA2-02000000C601}2896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204728Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:11.392{E265CAAD-201F-60B6-ECA2-02000000C601}9420C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204707Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:10.752{E265CAAD-201E-60B6-E5A2-02000000C601}8880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204705Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:10.705{E265CAAD-201E-60B6-E4A2-02000000C601}12316C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204678Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:09.955{E265CAAD-201D-60B6-DEA2-02000000C601}9984C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204676Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:09.947{E265CAAD-201D-60B6-DDA2-02000000C601}3108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204663Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:09.355{E265CAAD-201D-60B6-D8A2-02000000C601}4324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204657Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:09.069{E265CAAD-201D-60B6-D5A2-02000000C601}12916C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204645Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:08.565{E265CAAD-201C-60B6-CFA2-02000000C601}4232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204641Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:08.421{E265CAAD-201C-60B6-CDA2-02000000C601}11288C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204635Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:08.161{E265CAAD-201C-60B6-CAA2-02000000C601}12744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204629Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:07.787{E265CAAD-201B-60B6-C7A2-02000000C601}2748C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204622Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:07.586{E265CAAD-201B-60B6-C3A2-02000000C601}13372C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204616Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:07.345{E265CAAD-201B-60B6-C0A2-02000000C601}9376C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204609Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:06.830{E265CAAD-201A-60B6-BCA2-02000000C601}12824C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204607Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:06.791{E265CAAD-201A-60B6-BBA2-02000000C601}7948C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204591Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:04.663{E265CAAD-2018-60B6-B4A2-02000000C601}13076C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204589Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:04.592{E265CAAD-2018-60B6-B3A2-02000000C601}10156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204577Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:04.071{E265CAAD-2018-60B6-AEA2-02000000C601}13128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204575Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:04.048{E265CAAD-2018-60B6-ADA2-02000000C601}10856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204556Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:02.365{E265CAAD-2016-60B6-A8A2-02000000C601}13316C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204554Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:55:02.258{E265CAAD-2016-60B6-A7A2-02000000C601}7980C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204531Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:59.819{E265CAAD-2013-60B6-8EA2-02000000C601}13140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204525Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:59.315{E265CAAD-2013-60B6-8BA2-02000000C601}11352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204519Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:53.128{E265CAAD-200D-60B6-88A2-02000000C601}8612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204513Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:52.846{E265CAAD-200C-60B6-85A2-02000000C601}4112C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204507Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:52.475{E265CAAD-200C-60B6-82A2-02000000C601}3068C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204501Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:52.106{E265CAAD-200C-60B6-7FA2-02000000C601}4348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204495Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:51.892{E265CAAD-200B-60B6-7CA2-02000000C601}5632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204489Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:51.685{E265CAAD-200B-60B6-79A2-02000000C601}9608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204483Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:51.390{E265CAAD-200B-60B6-76A2-02000000C601}2588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204477Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:51.121{E265CAAD-200B-60B6-73A2-02000000C601}1628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204471Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:50.907{E265CAAD-200A-60B6-70A2-02000000C601}10032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204465Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:50.664{E265CAAD-200A-60B6-6DA2-02000000C601}7936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204459Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:50.365{E265CAAD-200A-60B6-6AA2-02000000C601}8484C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204453Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:50.125{E265CAAD-200A-60B6-67A2-02000000C601}8588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204447Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:49.862{E265CAAD-2009-60B6-64A2-02000000C601}13840C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204441Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:49.568{E265CAAD-2009-60B6-61A2-02000000C601}1872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204435Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:49.288{E265CAAD-2009-60B6-5EA2-02000000C601}10368C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204429Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:48.960{E265CAAD-2008-60B6-5BA2-02000000C601}6392C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204423Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:48.635{E265CAAD-2008-60B6-58A2-02000000C601}5380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204417Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:48.250{E265CAAD-2008-60B6-55A2-02000000C601}12148C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204411Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:47.872{E265CAAD-2007-60B6-52A2-02000000C601}13716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204405Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:47.632{E265CAAD-2007-60B6-4FA2-02000000C601}5720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204399Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:47.393{E265CAAD-2007-60B6-4CA2-02000000C601}2864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204393Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:47.225{E265CAAD-2007-60B6-49A2-02000000C601}13848C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204387Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:46.965{E265CAAD-2006-60B6-46A2-02000000C601}10204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204381Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:46.735{E265CAAD-2006-60B6-43A2-02000000C601}7760C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204375Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:46.546{E265CAAD-2006-60B6-40A2-02000000C601}6908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204369Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:46.372{E265CAAD-2006-60B6-3DA2-02000000C601}9772C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204363Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:46.246{E265CAAD-2006-60B6-3AA2-02000000C601}12760C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204357Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:46.119{E265CAAD-2006-60B6-37A2-02000000C601}7212C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204351Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:45.938{E265CAAD-2005-60B6-34A2-02000000C601}7552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204345Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:45.751{E265CAAD-2005-60B6-31A2-02000000C601}9588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204339Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:45.406{E265CAAD-2005-60B6-2EA2-02000000C601}13820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204333Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:45.175{E265CAAD-2005-60B6-2BA2-02000000C601}6348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204327Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:44.922{E265CAAD-2004-60B6-28A2-02000000C601}14128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204321Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:44.711{E265CAAD-2004-60B6-25A2-02000000C601}11680C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204315Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:44.483{E265CAAD-2004-60B6-22A2-02000000C601}5676C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204309Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:44.282{E265CAAD-2004-60B6-1FA2-02000000C601}7708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204303Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:44.089{E265CAAD-2004-60B6-1CA2-02000000C601}7292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204297Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:43.962{E265CAAD-2003-60B6-19A2-02000000C601}11560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204291Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:43.815{E265CAAD-2003-60B6-16A2-02000000C601}13720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204285Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:43.638{E265CAAD-2003-60B6-13A2-02000000C601}6196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204279Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:43.464{E265CAAD-2003-60B6-10A2-02000000C601}9308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204273Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:43.258{E265CAAD-2003-60B6-0DA2-02000000C601}10772C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204267Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:43.041{E265CAAD-2003-60B6-0AA2-02000000C601}12424C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204261Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:42.799{E265CAAD-2002-60B6-07A2-02000000C601}12788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204255Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:42.699{E265CAAD-2002-60B6-04A2-02000000C601}13356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204249Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:42.525{E265CAAD-2002-60B6-01A2-02000000C601}7876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204243Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:42.310{E265CAAD-2002-60B6-FEA1-02000000C601}6884C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204237Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:42.074{E265CAAD-2002-60B6-FBA1-02000000C601}11600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204231Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:41.822{E265CAAD-2001-60B6-F8A1-02000000C601}11896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204225Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:41.581{E265CAAD-2001-60B6-F5A1-02000000C601}11436C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204219Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:41.351{E265CAAD-2001-60B6-F2A1-02000000C601}8048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001204213Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:54:40.511{E265CAAD-2000-60B6-EFA1-02000000C601}7384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202521Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:39.658{E265CAAD-1FC3-60B6-79A1-02000000C601}3120C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202510Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:38.985{E265CAAD-1FC2-60B6-75A1-02000000C601}13584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202499Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:38.634{E265CAAD-1FC2-60B6-71A1-02000000C601}13712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202480Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:38.124{E265CAAD-1FC2-60B6-6CA1-02000000C601}6016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202460Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:37.461{E265CAAD-1FC1-60B6-66A1-02000000C601}13948C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202436Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:36.562{E265CAAD-1FC0-60B6-5FA1-02000000C601}10720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202430Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:35.738{E265CAAD-1FBF-60B6-5CA1-02000000C601}2416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202419Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:35.259{E265CAAD-1FBF-60B6-58A1-02000000C601}11776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202409Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:34.603{E265CAAD-1FBE-60B6-53A1-02000000C601}528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202407Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:34.578{E265CAAD-1FBE-60B6-52A1-02000000C601}13672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202397Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:34.058{E265CAAD-1FBE-60B6-4DA1-02000000C601}10836C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202395Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:33.976{E265CAAD-1FBD-60B6-4CA1-02000000C601}7728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202385Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:32.714{E265CAAD-1FBC-60B6-47A1-02000000C601}7520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202383Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:32.695{E265CAAD-1FBC-60B6-46A1-02000000C601}12232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202373Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:32.163{E265CAAD-1FBC-60B6-41A1-02000000C601}5108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202371Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:32.071{E265CAAD-1FBC-60B6-40A1-02000000C601}808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202361Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:31.454{E265CAAD-1FBB-60B6-3BA1-02000000C601}6268C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202359Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:31.431{E265CAAD-1FBB-60B6-3AA1-02000000C601}2680C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202349Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:30.938{E265CAAD-1FBA-60B6-35A1-02000000C601}7516C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202347Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:30.811{E265CAAD-1FBA-60B6-34A1-02000000C601}5888C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202337Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:29.955{E265CAAD-1FB9-60B6-2FA1-02000000C601}13816C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202335Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:29.700{E265CAAD-1FB9-60B6-2EA1-02000000C601}9416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202325Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:29.259{E265CAAD-1FB9-60B6-29A1-02000000C601}2252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202323Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:29.128{E265CAAD-1FB9-60B6-28A1-02000000C601}10052C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202315Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:28.705{E265CAAD-1FB8-60B6-24A1-02000000C601}6128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202311Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:28.476{E265CAAD-1FB8-60B6-22A1-02000000C601}5820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202303Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:27.928{E265CAAD-1FB7-60B6-1EA1-02000000C601}6260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202297Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:27.629{E265CAAD-1FB7-60B6-1BA1-02000000C601}13408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202291Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:27.363{E265CAAD-1FB7-60B6-18A1-02000000C601}6472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202285Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:27.053{E265CAAD-1FB7-60B6-15A1-02000000C601}10760C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202279Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:26.471{E265CAAD-1FB6-60B6-12A1-02000000C601}12108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202273Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:25.335{E265CAAD-1FB5-60B6-0FA1-02000000C601}7744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202267Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:25.041{E265CAAD-1FB5-60B6-0CA1-02000000C601}1776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202261Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:24.793{E265CAAD-1FB4-60B6-09A1-02000000C601}12124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202255Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:24.417{E265CAAD-1FB4-60B6-06A1-02000000C601}2644C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202247Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:23.909{E265CAAD-1FB3-60B6-02A1-02000000C601}8804C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202243Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:23.641{E265CAAD-1FB3-60B6-00A1-02000000C601}720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202237Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:23.286{E265CAAD-1FB3-60B6-FDA0-02000000C601}9120C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202231Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:22.904{E265CAAD-1FB2-60B6-FAA0-02000000C601}8048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202225Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:22.669{E265CAAD-1FB2-60B6-F7A0-02000000C601}7616C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202217Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:22.238{E265CAAD-1FB2-60B6-F3A0-02000000C601}9728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202215Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:22.175{E265CAAD-1FB2-60B6-F2A0-02000000C601}9512C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202205Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:21.775{E265CAAD-1FB1-60B6-EDA0-02000000C601}9548C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202203Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:21.693{E265CAAD-1FB1-60B6-ECA0-02000000C601}8752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202195Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:21.328{E265CAAD-1FB1-60B6-E8A0-02000000C601}12072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202187Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:21.036{E265CAAD-1FB1-60B6-E4A0-02000000C601}5056C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202185Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:20.934{E265CAAD-1FB0-60B6-E3A0-02000000C601}13612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202177Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:20.432{E265CAAD-1FB0-60B6-DFA0-02000000C601}5376C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202173Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:20.235{E265CAAD-1FB0-60B6-DDA0-02000000C601}12448C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202163Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:19.462{E265CAAD-1FAF-60B6-D8A0-02000000C601}916C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202159Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:19.296{E265CAAD-1FAF-60B6-D6A0-02000000C601}14092C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202153Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:19.011{E265CAAD-1FAF-60B6-D3A0-02000000C601}7384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202147Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:18.790{E265CAAD-1FAE-60B6-D0A0-02000000C601}10756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202141Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:18.594{E265CAAD-1FAE-60B6-CDA0-02000000C601}7200C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202135Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:18.158{E265CAAD-1FAE-60B6-CAA0-02000000C601}6488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202129Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:17.940{E265CAAD-1FAD-60B6-C7A0-02000000C601}13556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202121Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:17.710{E265CAAD-1FAD-60B6-C3A0-02000000C601}9988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202119Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:17.664{E265CAAD-1FAD-60B6-C2A0-02000000C601}8236C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202109Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:17.361{E265CAAD-1FAD-60B6-BDA0-02000000C601}3672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202107Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:17.298{E265CAAD-1FAD-60B6-BCA0-02000000C601}4352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202097Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:16.762{E265CAAD-1FAC-60B6-B7A0-02000000C601}13364C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202095Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:16.722{E265CAAD-1FAC-60B6-B6A0-02000000C601}10956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202085Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:16.215{E265CAAD-1FAC-60B6-B1A0-02000000C601}5184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202081Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:16.105{E265CAAD-1FAC-60B6-AFA0-02000000C601}13360C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202075Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:15.968{E265CAAD-1FAB-60B6-ACA0-02000000C601}9288C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202067Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:15.682{E265CAAD-1FAB-60B6-A8A0-02000000C601}5596C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202065Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:15.674{E265CAAD-1FAB-60B6-A7A0-02000000C601}8164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202055Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:14.946{E265CAAD-1FAA-60B6-A2A0-02000000C601}8904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202051Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:14.811{E265CAAD-1FAA-60B6-A0A0-02000000C601}9460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202045Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:14.615{E265CAAD-1FAA-60B6-9DA0-02000000C601}9820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202039Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:14.508{E265CAAD-1FAA-60B6-9AA0-02000000C601}10548C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202035Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:14.418{E265CAAD-1FAA-60B6-98A0-02000000C601}12160C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202025Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:13.878{E265CAAD-1FA9-60B6-93A0-02000000C601}13684C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202021Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:13.778{E265CAAD-1FA9-60B6-91A0-02000000C601}13964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202017Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:13.622{E265CAAD-1FA9-60B6-8FA0-02000000C601}12844C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202009Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:13.250{E265CAAD-1FA9-60B6-8BA0-02000000C601}7584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001202003Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:12.891{E265CAAD-1FA8-60B6-88A0-02000000C601}13328C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201996Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:12.634{E265CAAD-1FA8-60B6-85A0-02000000C601}11672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201988Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:12.284{E265CAAD-1FA8-60B6-81A0-02000000C601}284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201986Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:12.230{E265CAAD-1FA8-60B6-80A0-02000000C601}10472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201976Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:11.985{E265CAAD-1FA7-60B6-7BA0-02000000C601}5740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201974Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:11.859{E265CAAD-1FA7-60B6-7AA0-02000000C601}10872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201966Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:11.482{E265CAAD-1FA7-60B6-76A0-02000000C601}6028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201958Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:11.218{E265CAAD-1FA7-60B6-72A0-02000000C601}9928C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201956Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:11.128{E265CAAD-1FA7-60B6-71A0-02000000C601}11012C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201946Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:10.871{E265CAAD-1FA6-60B6-6CA0-02000000C601}10268C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201942Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:10.721{E265CAAD-1FA6-60B6-6BA0-02000000C601}7672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201936Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:10.422{E265CAAD-1FA6-60B6-67A0-02000000C601}7308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201928Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:10.071{E265CAAD-1FA6-60B6-63A0-02000000C601}4136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201926Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:10.042{E265CAAD-1FA6-60B6-62A0-02000000C601}5808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201916Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:09.675{E265CAAD-1FA5-60B6-5DA0-02000000C601}8000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201914Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:09.483{E265CAAD-1FA5-60B6-5CA0-02000000C601}6272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201904Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:09.074{E265CAAD-1FA5-60B6-57A0-02000000C601}8456C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201898Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:08.741{E265CAAD-1FA4-60B6-54A0-02000000C601}10736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201896Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:08.561{E265CAAD-1FA4-60B6-53A0-02000000C601}12920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201885Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:07.510{E265CAAD-1FA3-60B6-4DA0-02000000C601}10244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201882Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:06.948{E265CAAD-1FA2-60B6-4BA0-02000000C601}7272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201872Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:06.612{E265CAAD-1FA2-60B6-46A0-02000000C601}6808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201870Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:06.570{E265CAAD-1FA2-60B6-45A0-02000000C601}9336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201861Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:06.072{E265CAAD-1FA2-60B6-40A0-02000000C601}11428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201851Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:05.438{E265CAAD-1FA1-60B6-3BA0-02000000C601}6208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201849Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:05.415{E265CAAD-1FA1-60B6-3AA0-02000000C601}10628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201838Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:04.640{E265CAAD-1FA0-60B6-34A0-02000000C601}13996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201836Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:04.437{E265CAAD-1FA0-60B6-33A0-02000000C601}10696C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201822Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:04.052{E265CAAD-1FA0-60B6-2EA0-02000000C601}11964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201820Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:04.005{E265CAAD-1FA0-60B6-2DA0-02000000C601}7028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201812Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:03.591{E265CAAD-1F9F-60B6-29A0-02000000C601}11436C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201804Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:03.297{E265CAAD-1F9F-60B6-25A0-02000000C601}11764C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201802Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:03.248{E265CAAD-1F9F-60B6-24A0-02000000C601}9008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201792Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:02.828{E265CAAD-1F9E-60B6-1FA0-02000000C601}6308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201788Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:02.741{E265CAAD-1F9E-60B6-1DA0-02000000C601}11204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201784Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:02.660{E265CAAD-1F9E-60B6-1BA0-02000000C601}4860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201774Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:02.305{E265CAAD-1F9E-60B6-16A0-02000000C601}8680C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201772Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:02.248{E265CAAD-1F9E-60B6-15A0-02000000C601}6512C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201760Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:01.174{E265CAAD-1F9D-60B6-0EA0-02000000C601}6276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201758Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:01.110{E265CAAD-1F9D-60B6-0DA0-02000000C601}10496C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201748Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:00.848{E265CAAD-1F9C-60B6-08A0-02000000C601}8188C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201744Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:00.615{E265CAAD-1F9C-60B6-06A0-02000000C601}12976C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201736Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:00.238{E265CAAD-1F9C-60B6-02A0-02000000C601}11724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201732Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:53:00.087{E265CAAD-1F9C-60B6-00A0-02000000C601}11328C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201728Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:59.822{E265CAAD-1F9B-60B6-FE9F-02000000C601}12384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001201722Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:58.627{E265CAAD-1F9A-60B6-FB9F-02000000C601}6600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200710Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:10.998{E265CAAD-1F6A-60B6-B39F-02000000C601}3492C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200687Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:10.565{E265CAAD-1F6A-60B6-AC9F-02000000C601}14060C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200666Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:10.007{E265CAAD-1F6A-60B6-A69F-02000000C601}10204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200645Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:09.541{E265CAAD-1F69-60B6-A09F-02000000C601}4408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200626Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:09.126{E265CAAD-1F69-60B6-9B9F-02000000C601}11868C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200610Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:08.801{E265CAAD-1F68-60B6-969F-02000000C601}4380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200594Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:08.531{E265CAAD-1F68-60B6-919F-02000000C601}11040C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200581Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:08.184{E265CAAD-1F68-60B6-8C9F-02000000C601}13564C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200565Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:07.794{E265CAAD-1F67-60B6-879F-02000000C601}5468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200546Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:06.965{E265CAAD-1F66-60B6-819F-02000000C601}11140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200520Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:04.593{E265CAAD-1F64-60B6-779F-02000000C601}7008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200504Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:03.912{E265CAAD-1F63-60B6-729F-02000000C601}10180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200488Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:03.645{E265CAAD-1F63-60B6-6D9F-02000000C601}13900C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200472Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:02.941{E265CAAD-1F62-60B6-689F-02000000C601}12400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200452Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:01.188{E265CAAD-1F61-60B6-609F-02000000C601}5136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200433Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:00.781{E265CAAD-1F60-60B6-5B9F-02000000C601}14220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200420Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:00.488{E265CAAD-1F60-60B6-569F-02000000C601}2832C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200404Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:52:00.098{E265CAAD-1F60-60B6-519F-02000000C601}7164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200388Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:59.564{E265CAAD-1F5F-60B6-4C9F-02000000C601}13592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200372Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:59.174{E265CAAD-1F5F-60B6-479F-02000000C601}2348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200361Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:58.912{E265CAAD-1F5E-60B6-439F-02000000C601}5384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200345Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:58.438{E265CAAD-1F5E-60B6-3E9F-02000000C601}3196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200324Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:57.814{E265CAAD-1F5D-60B6-389F-02000000C601}11696C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200315Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:57.304{E265CAAD-1F5D-60B6-359F-02000000C601}7688C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200303Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:56.805{E265CAAD-1F5C-60B6-2F9F-02000000C601}11416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200297Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:56.388{E265CAAD-1F5C-60B6-2C9F-02000000C601}13384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200291Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:55.893{E265CAAD-1F5B-60B6-299F-02000000C601}13776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200285Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:54.745{E265CAAD-1F5A-60B6-269F-02000000C601}6292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200279Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:54.358{E265CAAD-1F5A-60B6-239F-02000000C601}10460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200273Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:53.811{E265CAAD-1F59-60B6-209F-02000000C601}8712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200267Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:53.468{E265CAAD-1F59-60B6-1D9F-02000000C601}5320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200261Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:53.136{E265CAAD-1F59-60B6-1A9F-02000000C601}13860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200259Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:53.096{E265CAAD-1F59-60B6-199F-02000000C601}13780C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200249Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:52.791{E265CAAD-1F58-60B6-149F-02000000C601}14068C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200247Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:52.789{E265CAAD-1F58-60B6-139F-02000000C601}8880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200237Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:52.398{E265CAAD-1F58-60B6-0E9F-02000000C601}1084C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200235Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:52.341{E265CAAD-1F58-60B6-0D9F-02000000C601}368C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200227Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:51.894{E265CAAD-1F57-60B6-099F-02000000C601}13088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200223Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:51.756{E265CAAD-1F57-60B6-079F-02000000C601}5584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200215Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:51.469{E265CAAD-1F57-60B6-039F-02000000C601}192C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200209Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:51.265{E265CAAD-1F57-60B6-009F-02000000C601}5368C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200201Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:50.729{E265CAAD-1F56-60B6-FC9E-02000000C601}12724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200199Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:50.716{E265CAAD-1F56-60B6-FB9E-02000000C601}12936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200189Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:49.950{E265CAAD-1F55-60B6-F69E-02000000C601}12304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200187Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:49.929{E265CAAD-1F55-60B6-F59E-02000000C601}14252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200177Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:49.314{E265CAAD-1F55-60B6-F09E-02000000C601}13412C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200175Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:49.162{E265CAAD-1F55-60B6-EF9E-02000000C601}11276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200165Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:48.551{E265CAAD-1F54-60B6-EA9E-02000000C601}8740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200163Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:48.524{E265CAAD-1F54-60B6-E99E-02000000C601}12692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200153Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:48.024{E265CAAD-1F54-60B6-E49E-02000000C601}7764C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200151Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:47.965{E265CAAD-1F53-60B6-E39E-02000000C601}7408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200141Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:47.613{E265CAAD-1F53-60B6-DE9E-02000000C601}14324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200139Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:47.521{E265CAAD-1F53-60B6-DD9E-02000000C601}2856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200129Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:46.961{E265CAAD-1F52-60B6-D89E-02000000C601}13016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200127Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:46.806{E265CAAD-1F52-60B6-D79E-02000000C601}10080C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200117Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:46.408{E265CAAD-1F52-60B6-D29E-02000000C601}6560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200115Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:46.358{E265CAAD-1F52-60B6-D19E-02000000C601}884C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200105Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:45.061{E265CAAD-1F51-60B6-CC9E-02000000C601}11828C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200103Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:44.971{E265CAAD-1F50-60B6-CB9E-02000000C601}10428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200093Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:44.418{E265CAAD-1F50-60B6-C69E-02000000C601}12404C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200091Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:44.044{E265CAAD-1F50-60B6-C59E-02000000C601}13260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200081Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:43.094{E265CAAD-1F4F-60B6-C09E-02000000C601}13048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200079Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:43.072{E265CAAD-1F4F-60B6-BF9E-02000000C601}892C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200071Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:42.822{E265CAAD-1F4E-60B6-BB9E-02000000C601}13632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200065Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:42.711{E265CAAD-1F4E-60B6-B89E-02000000C601}4888C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200059Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:42.593{E265CAAD-1F4E-60B6-B59E-02000000C601}744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200051Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:42.080{E265CAAD-1F4E-60B6-B19E-02000000C601}8000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200049Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:42.047{E265CAAD-1F4E-60B6-B09E-02000000C601}11360C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200039Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:41.708{E265CAAD-1F4D-60B6-AB9E-02000000C601}12372C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200037Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:41.481{E265CAAD-1F4D-60B6-AA9E-02000000C601}14172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200027Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:41.244{E265CAAD-1F4D-60B6-A59E-02000000C601}4364C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200023Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:41.137{E265CAAD-1F4D-60B6-A39E-02000000C601}10756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200017Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:40.881{E265CAAD-1F4C-60B6-A09E-02000000C601}12000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200011Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:40.717{E265CAAD-1F4C-60B6-9D9E-02000000C601}2104C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001200007Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:40.644{E265CAAD-1F4C-60B6-9B9E-02000000C601}8676C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199999Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:40.470{E265CAAD-1F4C-60B6-979E-02000000C601}7308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199993Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:40.258{E265CAAD-1F4C-60B6-949E-02000000C601}13404C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199987Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:40.029{E265CAAD-1F4C-60B6-919E-02000000C601}3664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199979Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:39.882{E265CAAD-1F4B-60B6-8D9E-02000000C601}1468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199977Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:39.855{E265CAAD-1F4B-60B6-8C9E-02000000C601}12764C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199967Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:39.568{E265CAAD-1F4B-60B6-879E-02000000C601}14232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199965Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:39.221{E265CAAD-1F4B-60B6-869E-02000000C601}996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199957Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:38.939{E265CAAD-1F4A-60B6-829E-02000000C601}13304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199951Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:38.727{E265CAAD-1F4A-60B6-7F9E-02000000C601}13232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199945Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:38.564{E265CAAD-1F4A-60B6-7C9E-02000000C601}7924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199941Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:38.461{E265CAAD-1F4A-60B6-7A9E-02000000C601}6624C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199931Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:38.221{E265CAAD-1F4A-60B6-759E-02000000C601}5224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199929Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:38.220{E265CAAD-1F4A-60B6-749E-02000000C601}3524C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199919Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:37.825{E265CAAD-1F49-60B6-6F9E-02000000C601}11184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199917Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:37.821{E265CAAD-1F49-60B6-6E9E-02000000C601}7200C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199907Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:37.441{E265CAAD-1F49-60B6-699E-02000000C601}10776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199901Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:37.154{E265CAAD-1F49-60B6-669E-02000000C601}8860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199899Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:37.054{E265CAAD-1F49-60B6-659E-02000000C601}2820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199893Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:36.736{E265CAAD-1F48-60B6-629E-02000000C601}13104C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199887Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:36.381{E265CAAD-1F48-60B6-5F9E-02000000C601}8780C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199881Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:35.902{E265CAAD-1F47-60B6-5C9E-02000000C601}14188C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199875Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:35.451{E265CAAD-1F47-60B6-599E-02000000C601}332C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199869Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:35.087{E265CAAD-1F47-60B6-569E-02000000C601}13524C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199863Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:34.860{E265CAAD-1F46-60B6-539E-02000000C601}14216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199857Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:34.624{E265CAAD-1F46-60B6-509E-02000000C601}8648C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199851Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:33.971{E265CAAD-1F45-60B6-4D9E-02000000C601}4440C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199845Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:33.763{E265CAAD-1F45-60B6-4A9E-02000000C601}2920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199839Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:33.445{E265CAAD-1F45-60B6-479E-02000000C601}14048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199833Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:33.139{E265CAAD-1F45-60B6-449E-02000000C601}6428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199827Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:32.695{E265CAAD-1F44-60B6-419E-02000000C601}1452C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199821Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:32.438{E265CAAD-1F44-60B6-3E9E-02000000C601}5680C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199815Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:32.100{E265CAAD-1F44-60B6-3B9E-02000000C601}8112C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199809Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:31.758{E265CAAD-1F43-60B6-389E-02000000C601}1252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199803Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:31.484{E265CAAD-1F43-60B6-359E-02000000C601}6952C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199797Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:31.203{E265CAAD-1F43-60B6-329E-02000000C601}12680C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199791Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:30.881{E265CAAD-1F42-60B6-2F9E-02000000C601}9052C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199785Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:30.331{E265CAAD-1F42-60B6-2C9E-02000000C601}11080C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199779Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:29.893{E265CAAD-1F41-60B6-299E-02000000C601}5932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199773Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:29.611{E265CAAD-1F41-60B6-269E-02000000C601}364C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199767Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:29.225{E265CAAD-1F41-60B6-239E-02000000C601}7776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199761Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:28.861{E265CAAD-1F40-60B6-209E-02000000C601}6376C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199755Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:28.592{E265CAAD-1F40-60B6-1D9E-02000000C601}2844C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199749Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:28.196{E265CAAD-1F40-60B6-1A9E-02000000C601}6772C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199743Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:27.868{E265CAAD-1F3F-60B6-179E-02000000C601}10144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199737Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:27.691{E265CAAD-1F3F-60B6-149E-02000000C601}11208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199731Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:27.361{E265CAAD-1F3F-60B6-119E-02000000C601}9264C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001199725Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:51:26.577{E265CAAD-1F3E-60B6-0E9E-02000000C601}11424C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198846Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:10.377{E265CAAD-1EF2-60B6-C89D-02000000C601}10676C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198840Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:09.825{E265CAAD-1EF1-60B6-C59D-02000000C601}9876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198731Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:09.340{E265CAAD-1EF1-60B6-C29D-02000000C601}9368C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198725Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:08.700{E265CAAD-1EF0-60B6-BF9D-02000000C601}9524C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198627Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:04.662{E265CAAD-1EEC-60B6-B59D-02000000C601}13872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198621Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:04.444{E265CAAD-1EEC-60B6-B29D-02000000C601}7200C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198615Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:04.158{E265CAAD-1EEC-60B6-AF9D-02000000C601}9424C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198609Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:03.824{E265CAAD-1EEB-60B6-AC9D-02000000C601}10064C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198590Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:03.464{E265CAAD-1EEB-60B6-A79D-02000000C601}296C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198562Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:03.241{E265CAAD-1EEB-60B6-9F9D-02000000C601}5740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198521Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:02.928{E265CAAD-1EEA-60B6-959D-02000000C601}4124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198502Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:02.741{E265CAAD-1EEA-60B6-909D-02000000C601}10032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198476Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:02.491{E265CAAD-1EEA-60B6-899D-02000000C601}13804C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198450Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:01.728{E265CAAD-1EE9-60B6-829D-02000000C601}5956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198425Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:01.187{E265CAAD-1EE9-60B6-799D-02000000C601}7748C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198406Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:00.934{E265CAAD-1EE8-60B6-749D-02000000C601}10608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198380Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:00.608{E265CAAD-1EE8-60B6-6D9D-02000000C601}8228C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198357Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:50:00.304{E265CAAD-1EE8-60B6-669D-02000000C601}9528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198326Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:59.991{E265CAAD-1EE7-60B6-5E9D-02000000C601}3524C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198315Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:59.647{E265CAAD-1EE7-60B6-5A9D-02000000C601}12036C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198309Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:59.077{E265CAAD-1EE7-60B6-579D-02000000C601}5224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198303Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:58.527{E265CAAD-1EE6-60B6-549D-02000000C601}7524C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198297Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:58.117{E265CAAD-1EE6-60B6-519D-02000000C601}10596C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198291Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:57.530{E265CAAD-1EE5-60B6-4E9D-02000000C601}7456C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198285Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:57.090{E265CAAD-1EE5-60B6-4B9D-02000000C601}14164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198259Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:56.541{E265CAAD-1EE4-60B6-449D-02000000C601}14016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198238Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:55.982{E265CAAD-1EE3-60B6-3E9D-02000000C601}6908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198222Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:55.374{E265CAAD-1EE3-60B6-399D-02000000C601}3468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198206Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:54.798{E265CAAD-1EE2-60B6-349D-02000000C601}6624C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198190Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:54.460{E265CAAD-1EE2-60B6-2F9D-02000000C601}3480C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198179Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:53.573{E265CAAD-1EE1-60B6-2B9D-02000000C601}5760C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198169Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:53.278{E265CAAD-1EE1-60B6-269D-02000000C601}13000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198167Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:53.199{E265CAAD-1EE1-60B6-259D-02000000C601}13220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198159Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:52.950{E265CAAD-1EE0-60B6-219D-02000000C601}11556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198151Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:52.655{E265CAAD-1EE0-60B6-1D9D-02000000C601}1124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198149Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:52.471{E265CAAD-1EE0-60B6-1C9D-02000000C601}13672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198139Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:52.030{E265CAAD-1EE0-60B6-179D-02000000C601}5028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198137Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:51.997{E265CAAD-1EDF-60B6-169D-02000000C601}13276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198126Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:51.563{E265CAAD-1EDF-60B6-119D-02000000C601}8468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198125Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:51.561{E265CAAD-1EDF-60B6-109D-02000000C601}7660C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198117Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:51.217{E265CAAD-1EDF-60B6-0C9D-02000000C601}12136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198111Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:50.937{E265CAAD-1EDE-60B6-099D-02000000C601}10128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198105Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:50.801{E265CAAD-1EDE-60B6-069D-02000000C601}6212C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198097Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:50.364{E265CAAD-1EDE-60B6-029D-02000000C601}2612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198095Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:50.043{E265CAAD-1EDE-60B6-019D-02000000C601}12588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198085Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:49.667{E265CAAD-1EDD-60B6-FC9C-02000000C601}14088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198083Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:49.564{E265CAAD-1EDD-60B6-FB9C-02000000C601}4524C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198073Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:48.875{E265CAAD-1EDC-60B6-F69C-02000000C601}12256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198071Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:48.815{E265CAAD-1EDC-60B6-F59C-02000000C601}10348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198061Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:48.390{E265CAAD-1EDC-60B6-F09C-02000000C601}10896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198059Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:48.374{E265CAAD-1EDC-60B6-EF9C-02000000C601}10624C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198049Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:47.905{E265CAAD-1EDB-60B6-EA9C-02000000C601}5108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198047Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:47.857{E265CAAD-1EDB-60B6-E99C-02000000C601}6252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198037Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:47.478{E265CAAD-1EDB-60B6-E49C-02000000C601}10432C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198033Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:47.321{E265CAAD-1EDB-60B6-E29C-02000000C601}11620C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198029Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:47.186{E265CAAD-1EDB-60B6-E09C-02000000C601}11284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198019Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:46.815{E265CAAD-1EDA-60B6-DB9C-02000000C601}8300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198017Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:46.774{E265CAAD-1EDA-60B6-DA9C-02000000C601}8348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198007Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:46.426{E265CAAD-1EDA-60B6-D59C-02000000C601}14272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001198003Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:46.360{E265CAAD-1EDA-60B6-D39C-02000000C601}5448C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197994Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:45.987{E265CAAD-1ED9-60B6-CF9C-02000000C601}10376C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197992Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:45.940{E265CAAD-1ED9-60B6-CE9C-02000000C601}12224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197982Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:45.388{E265CAAD-1ED9-60B6-C99C-02000000C601}6508C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197980Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:45.286{E265CAAD-1ED9-60B6-C89C-02000000C601}1204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197972Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:44.937{E265CAAD-1ED8-60B6-C49C-02000000C601}5856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197964Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:44.662{E265CAAD-1ED8-60B6-C09C-02000000C601}13988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197962Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:44.640{E265CAAD-1ED8-60B6-BF9C-02000000C601}10136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197952Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:44.250{E265CAAD-1ED8-60B6-BA9C-02000000C601}1404C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197950Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:44.225{E265CAAD-1ED8-60B6-B99C-02000000C601}8488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197940Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:43.794{E265CAAD-1ED7-60B6-B49C-02000000C601}12452C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197938Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:43.686{E265CAAD-1ED7-60B6-B39C-02000000C601}5888C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197928Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:43.387{E265CAAD-1ED7-60B6-AE9C-02000000C601}8016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197924Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:43.248{E265CAAD-1ED7-60B6-AC9C-02000000C601}7292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197916Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:42.996{E265CAAD-1ED6-60B6-A89C-02000000C601}10152C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197914Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:42.735{E265CAAD-1ED6-60B6-A79C-02000000C601}10808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197904Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:42.444{E265CAAD-1ED6-60B6-A29C-02000000C601}6504C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197902Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:42.380{E265CAAD-1ED6-60B6-A19C-02000000C601}12560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197892Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:42.167{E265CAAD-1ED6-60B6-9C9C-02000000C601}6868C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197890Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:42.056{E265CAAD-1ED6-60B6-9B9C-02000000C601}6916C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197880Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:41.859{E265CAAD-1ED5-60B6-969C-02000000C601}11204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197876Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:41.766{E265CAAD-1ED5-60B6-949C-02000000C601}896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197872Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:41.665{E265CAAD-1ED5-60B6-929C-02000000C601}8344C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197862Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:41.423{E265CAAD-1ED5-60B6-8D9C-02000000C601}528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197860Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:41.370{E265CAAD-1ED5-60B6-8C9C-02000000C601}5756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197850Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:41.150{E265CAAD-1ED5-60B6-879C-02000000C601}13632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197846Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:41.105{E265CAAD-1ED5-60B6-859C-02000000C601}12416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197840Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:40.917{E265CAAD-1ED4-60B6-829C-02000000C601}13776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197832Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:40.751{E265CAAD-1ED4-60B6-7E9C-02000000C601}12388C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197830Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:40.699{E265CAAD-1ED4-60B6-7D9C-02000000C601}10904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197822Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:40.391{E265CAAD-1ED4-60B6-799C-02000000C601}6940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197814Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:40.111{E265CAAD-1ED4-60B6-759C-02000000C601}13932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197812Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:40.077{E265CAAD-1ED4-60B6-749C-02000000C601}13876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197802Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:39.528{E265CAAD-1ED3-60B6-6F9C-02000000C601}12316C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197798Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:39.326{E265CAAD-1ED3-60B6-6D9C-02000000C601}14232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197794Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:39.141{E265CAAD-1ED3-60B6-6B9C-02000000C601}8520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197786Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:38.933{E265CAAD-1ED2-60B6-679C-02000000C601}14260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197778Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:38.539{E265CAAD-1ED2-60B6-639C-02000000C601}13956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197776Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:38.511{E265CAAD-1ED2-60B6-629C-02000000C601}3568C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197768Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:36.767{E265CAAD-1ED0-60B6-5E9C-02000000C601}7204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197760Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:36.562{E265CAAD-1ED0-60B6-5A9C-02000000C601}9832C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197754Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:36.265{E265CAAD-1ED0-60B6-579C-02000000C601}14196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197748Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:36.024{E265CAAD-1ED0-60B6-549C-02000000C601}10488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197746Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:35.970{E265CAAD-1ECF-60B6-539C-02000000C601}12580C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197739Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:34.402{E265CAAD-1ECE-60B6-509C-02000000C601}4860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197733Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:33.447{E265CAAD-1ECD-60B6-4D9C-02000000C601}6256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197727Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:33.145{E265CAAD-1ECD-60B6-4A9C-02000000C601}856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197721Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:32.960{E265CAAD-1ECC-60B6-479C-02000000C601}6972C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197715Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:32.805{E265CAAD-1ECC-60B6-449C-02000000C601}6128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197709Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:32.685{E265CAAD-1ECC-60B6-419C-02000000C601}13320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197703Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:32.371{E265CAAD-1ECC-60B6-3E9C-02000000C601}4184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197697Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:31.998{E265CAAD-1ECB-60B6-3B9C-02000000C601}7048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197691Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:31.528{E265CAAD-1ECB-60B6-389C-02000000C601}6472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197685Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:31.310{E265CAAD-1ECB-60B6-359C-02000000C601}11808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197679Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:31.061{E265CAAD-1ECB-60B6-329C-02000000C601}5060C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197673Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:30.855{E265CAAD-1ECA-60B6-2F9C-02000000C601}13368C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197667Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:30.600{E265CAAD-1ECA-60B6-2C9C-02000000C601}4288C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197661Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:29.527{E265CAAD-1EC9-60B6-299C-02000000C601}11044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197654Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:29.310{E265CAAD-1EC9-60B6-269C-02000000C601}11572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197648Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:29.082{E265CAAD-1EC9-60B6-239C-02000000C601}1432C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197642Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:28.947{E265CAAD-1EC8-60B6-209C-02000000C601}14136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197636Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:28.653{E265CAAD-1EC8-60B6-1D9C-02000000C601}7336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197629Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:49:27.706{E265CAAD-1EC7-60B6-1A9C-02000000C601}13512C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197211Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:58.904{E265CAAD-1EAA-60B6-D49B-02000000C601}12244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197205Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:58.525{E265CAAD-1EAA-60B6-D19B-02000000C601}12040C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197199Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:58.317{E265CAAD-1EAA-60B6-CE9B-02000000C601}8860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197193Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:57.993{E265CAAD-1EA9-60B6-CB9B-02000000C601}6648C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197187Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:57.747{E265CAAD-1EA9-60B6-C89B-02000000C601}4572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197181Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:57.377{E265CAAD-1EA9-60B6-C59B-02000000C601}9872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197175Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:57.127{E265CAAD-1EA9-60B6-C29B-02000000C601}13064C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197169Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:56.779{E265CAAD-1EA8-60B6-BF9B-02000000C601}7076C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197163Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:56.514{E265CAAD-1EA8-60B6-BC9B-02000000C601}6644C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197157Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:56.207{E265CAAD-1EA8-60B6-B99B-02000000C601}12220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197151Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:55.947{E265CAAD-1EA7-60B6-B69B-02000000C601}8544C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197145Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:55.636{E265CAAD-1EA7-60B6-B39B-02000000C601}13088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197139Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:55.197{E265CAAD-1EA7-60B6-B09B-02000000C601}7340C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197133Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:54.684{E265CAAD-1EA6-60B6-AD9B-02000000C601}4444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197127Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:54.244{E265CAAD-1EA6-60B6-AA9B-02000000C601}4036C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197121Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:53.969{E265CAAD-1EA5-60B6-A79B-02000000C601}7768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197115Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:53.803{E265CAAD-1EA5-60B6-A49B-02000000C601}14004C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197109Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:53.670{E265CAAD-1EA5-60B6-A19B-02000000C601}2276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197103Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:53.477{E265CAAD-1EA5-60B6-9E9B-02000000C601}4164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197097Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:53.308{E265CAAD-1EA5-60B6-9B9B-02000000C601}2480C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197091Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:53.181{E265CAAD-1EA5-60B6-989B-02000000C601}7220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197085Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:53.043{E265CAAD-1EA5-60B6-959B-02000000C601}13404C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197079Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:52.890{E265CAAD-1EA4-60B6-929B-02000000C601}9140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197073Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:52.758{E265CAAD-1EA4-60B6-8F9B-02000000C601}7720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197067Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:52.567{E265CAAD-1EA4-60B6-8C9B-02000000C601}10948C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197061Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:52.407{E265CAAD-1EA4-60B6-899B-02000000C601}10736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197055Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:52.273{E265CAAD-1EA4-60B6-869B-02000000C601}12408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197049Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:52.130{E265CAAD-1EA4-60B6-839B-02000000C601}1140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197043Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:51.992{E265CAAD-1EA3-60B6-809B-02000000C601}13916C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197037Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:51.833{E265CAAD-1EA3-60B6-7D9B-02000000C601}5552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197031Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:51.669{E265CAAD-1EA3-60B6-7A9B-02000000C601}1528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197025Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:51.542{E265CAAD-1EA3-60B6-779B-02000000C601}1228C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197019Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:51.368{E265CAAD-1EA3-60B6-749B-02000000C601}7308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197013Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:51.134{E265CAAD-1EA3-60B6-719B-02000000C601}13524C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197007Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:50.895{E265CAAD-1EA2-60B6-6E9B-02000000C601}10348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001197001Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:50.590{E265CAAD-1EA2-60B6-6B9B-02000000C601}12260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196995Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:50.374{E265CAAD-1EA2-60B6-689B-02000000C601}8976C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196989Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:50.140{E265CAAD-1EA2-60B6-659B-02000000C601}13880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196973Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:49.884{E265CAAD-1EA1-60B6-629B-02000000C601}2280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196967Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:49.537{E265CAAD-1EA1-60B6-5F9B-02000000C601}9744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196961Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:49.250{E265CAAD-1EA1-60B6-5C9B-02000000C601}9164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196955Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:48.954{E265CAAD-1EA0-60B6-599B-02000000C601}13336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196949Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:48.658{E265CAAD-1EA0-60B6-569B-02000000C601}8728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196943Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:48.343{E265CAAD-1EA0-60B6-539B-02000000C601}3756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196937Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:48.097{E265CAAD-1EA0-60B6-509B-02000000C601}7180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196931Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:47.884{E265CAAD-1E9F-60B6-4D9B-02000000C601}11700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196925Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:45.008{E265CAAD-1E9D-60B6-4A9B-02000000C601}3720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196919Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:44.002{E265CAAD-1E9C-60B6-479B-02000000C601}7332C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196913Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:43.390{E265CAAD-1E9B-60B6-449B-02000000C601}11028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196907Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:43.013{E265CAAD-1E9B-60B6-419B-02000000C601}12632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196901Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:42.600{E265CAAD-1E9A-60B6-3E9B-02000000C601}6944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196895Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:42.422{E265CAAD-1E9A-60B6-3B9B-02000000C601}3356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196889Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:41.788{E265CAAD-1E99-60B6-389B-02000000C601}11880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196883Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:41.258{E265CAAD-1E99-60B6-359B-02000000C601}6472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196877Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:40.797{E265CAAD-1E98-60B6-329B-02000000C601}13492C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196871Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:40.433{E265CAAD-1E98-60B6-2F9B-02000000C601}6752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196865Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:40.060{E265CAAD-1E98-60B6-2C9B-02000000C601}9984C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196859Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:39.755{E265CAAD-1E97-60B6-299B-02000000C601}8592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196853Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:39.356{E265CAAD-1E97-60B6-269B-02000000C601}11808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196847Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:38.927{E265CAAD-1E96-60B6-239B-02000000C601}13188C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001196841Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:48:36.953{E265CAAD-1E94-60B6-209B-02000000C601}10504C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195958Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:43.866{E265CAAD-1E23-60B6-D39A-02000000C601}12544C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195952Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:43.458{E265CAAD-1E23-60B6-D09A-02000000C601}12560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195946Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:43.210{E265CAAD-1E23-60B6-CD9A-02000000C601}6940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195940Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:42.950{E265CAAD-1E22-60B6-CA9A-02000000C601}8312C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195934Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:42.778{E265CAAD-1E22-60B6-C79A-02000000C601}9804C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195927Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:42.650{E265CAAD-1E22-60B6-C49A-02000000C601}13016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195921Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:42.503{E265CAAD-1E22-60B6-C19A-02000000C601}11960C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195915Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:42.342{E265CAAD-1E22-60B6-BE9A-02000000C601}6636C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195909Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:42.165{E265CAAD-1E22-60B6-BB9A-02000000C601}14304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195903Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:41.928{E265CAAD-1E21-60B6-B89A-02000000C601}13876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195897Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:41.810{E265CAAD-1E21-60B6-B59A-02000000C601}13932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195891Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:41.703{E265CAAD-1E21-60B6-B29A-02000000C601}14052C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195885Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:41.538{E265CAAD-1E21-60B6-AF9A-02000000C601}11016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195879Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:41.399{E265CAAD-1E21-60B6-AC9A-02000000C601}8552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195873Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:41.248{E265CAAD-1E21-60B6-A99A-02000000C601}11320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195867Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:41.056{E265CAAD-1E21-60B6-A69A-02000000C601}9344C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195861Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:40.933{E265CAAD-1E20-60B6-A39A-02000000C601}7592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195855Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:40.808{E265CAAD-1E20-60B6-A09A-02000000C601}13708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195849Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:40.616{E265CAAD-1E20-60B6-9D9A-02000000C601}7740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195843Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:40.358{E265CAAD-1E20-60B6-9A9A-02000000C601}5940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195837Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:40.182{E265CAAD-1E20-60B6-979A-02000000C601}11952C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195831Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:40.079{E265CAAD-1E20-60B6-949A-02000000C601}4452C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195825Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:39.817{E265CAAD-1E1F-60B6-919A-02000000C601}10860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195819Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:39.707{E265CAAD-1E1F-60B6-8E9A-02000000C601}7056C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195813Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:39.548{E265CAAD-1E1F-60B6-8B9A-02000000C601}4700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195807Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:39.420{E265CAAD-1E1F-60B6-889A-02000000C601}11588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195801Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:39.287{E265CAAD-1E1F-60B6-859A-02000000C601}11672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195795Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:38.962{E265CAAD-1E1E-60B6-829A-02000000C601}7556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195789Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:38.796{E265CAAD-1E1E-60B6-7F9A-02000000C601}2232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195783Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:38.654{E265CAAD-1E1E-60B6-7C9A-02000000C601}10028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195777Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:38.523{E265CAAD-1E1E-60B6-799A-02000000C601}13696C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195771Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:38.355{E265CAAD-1E1E-60B6-769A-02000000C601}5900C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195765Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:38.193{E265CAAD-1E1E-60B6-739A-02000000C601}4904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195759Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:38.082{E265CAAD-1E1E-60B6-709A-02000000C601}7720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195753Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:37.945{E265CAAD-1E1D-60B6-6D9A-02000000C601}6460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195747Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:37.790{E265CAAD-1E1D-60B6-6A9A-02000000C601}13168C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195741Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:37.654{E265CAAD-1E1D-60B6-679A-02000000C601}10244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195735Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:37.481{E265CAAD-1E1D-60B6-649A-02000000C601}1096C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195729Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:37.322{E265CAAD-1E1D-60B6-619A-02000000C601}12708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195723Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:37.021{E265CAAD-1E1D-60B6-5E9A-02000000C601}9596C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195717Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:36.884{E265CAAD-1E1C-60B6-5B9A-02000000C601}4572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195711Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:36.720{E265CAAD-1E1C-60B6-589A-02000000C601}13344C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195705Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:36.496{E265CAAD-1E1C-60B6-559A-02000000C601}11180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195699Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:36.350{E265CAAD-1E1C-60B6-529A-02000000C601}10412C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195693Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:36.169{E265CAAD-1E1C-60B6-4F9A-02000000C601}6472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195687Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:35.985{E265CAAD-1E1B-60B6-4C9A-02000000C601}11868C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195681Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:35.884{E265CAAD-1E1B-60B6-499A-02000000C601}6724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195674Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:35.684{E265CAAD-1E1B-60B6-469A-02000000C601}14320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195668Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:35.536{E265CAAD-1E1B-60B6-439A-02000000C601}13760C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195662Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:35.367{E265CAAD-1E1B-60B6-409A-02000000C601}11300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195656Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:35.260{E265CAAD-1E1B-60B6-3D9A-02000000C601}6736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195650Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:35.133{E265CAAD-1E1B-60B6-3A9A-02000000C601}10092C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195644Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:34.963{E265CAAD-1E1A-60B6-379A-02000000C601}10356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195638Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:34.832{E265CAAD-1E1A-60B6-349A-02000000C601}6752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195628Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:34.476{E265CAAD-1E1A-60B6-319A-02000000C601}13896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195622Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:34.344{E265CAAD-1E1A-60B6-2E9A-02000000C601}9560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195616Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:34.047{E265CAAD-1E1A-60B6-2B9A-02000000C601}8944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195610Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:33.684{E265CAAD-1E19-60B6-289A-02000000C601}8956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195604Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:33.557{E265CAAD-1E19-60B6-259A-02000000C601}12328C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195598Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:33.366{E265CAAD-1E19-60B6-229A-02000000C601}8360C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001195592Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:46:32.936{E265CAAD-1E18-60B6-1F9A-02000000C601}13776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194717Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:55.083{E265CAAD-1DF3-60B6-D999-02000000C601}9644C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194711Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:54.857{E265CAAD-1DF2-60B6-D699-02000000C601}12504C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194705Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:54.640{E265CAAD-1DF2-60B6-D399-02000000C601}4380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194699Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:54.369{E265CAAD-1DF2-60B6-D099-02000000C601}9284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194693Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:53.963{E265CAAD-1DF1-60B6-CD99-02000000C601}4076C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194687Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:51.912{E265CAAD-1DEF-60B6-CA99-02000000C601}716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194681Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:51.694{E265CAAD-1DEF-60B6-C799-02000000C601}11576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194675Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:51.494{E265CAAD-1DEF-60B6-C499-02000000C601}2588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194669Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:51.188{E265CAAD-1DEF-60B6-C199-02000000C601}10572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194663Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:51.029{E265CAAD-1DEF-60B6-BE99-02000000C601}12604C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194657Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:50.682{E265CAAD-1DEE-60B6-BB99-02000000C601}10128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194651Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:50.546{E265CAAD-1DEE-60B6-B899-02000000C601}6028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194645Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:50.293{E265CAAD-1DEE-60B6-B599-02000000C601}13232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194639Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:50.060{E265CAAD-1DEE-60B6-B299-02000000C601}9208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194633Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:49.762{E265CAAD-1DED-60B6-AF99-02000000C601}11668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194627Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:48.959{E265CAAD-1DEC-60B6-AC99-02000000C601}7332C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194621Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:48.701{E265CAAD-1DEC-60B6-A999-02000000C601}11540C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194615Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:48.579{E265CAAD-1DEC-60B6-A699-02000000C601}11168C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194609Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:48.251{E265CAAD-1DEC-60B6-A399-02000000C601}6128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194603Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:48.046{E265CAAD-1DEC-60B6-A099-02000000C601}10388C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194597Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:47.823{E265CAAD-1DEB-60B6-9D99-02000000C601}12764C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194591Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:47.605{E265CAAD-1DEB-60B6-9A99-02000000C601}2872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194585Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:47.323{E265CAAD-1DEB-60B6-9799-02000000C601}6748C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194579Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:47.105{E265CAAD-1DEB-60B6-9499-02000000C601}14064C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194573Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:46.966{E265CAAD-1DEA-60B6-9199-02000000C601}9064C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194567Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:46.781{E265CAAD-1DEA-60B6-8E99-02000000C601}12960C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194561Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:46.583{E265CAAD-1DEA-60B6-8B99-02000000C601}4216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194555Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:46.350{E265CAAD-1DEA-60B6-8899-02000000C601}8940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194549Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:45.953{E265CAAD-1DE9-60B6-8599-02000000C601}10044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194543Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:45.751{E265CAAD-1DE9-60B6-8299-02000000C601}13728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194537Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:45.495{E265CAAD-1DE9-60B6-7F99-02000000C601}8184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194531Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:45.313{E265CAAD-1DE9-60B6-7C99-02000000C601}3560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194525Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:45.060{E265CAAD-1DE9-60B6-7999-02000000C601}11800C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194519Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:44.869{E265CAAD-1DE8-60B6-7699-02000000C601}11672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194513Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:44.231{E265CAAD-1DE8-60B6-7399-02000000C601}7876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194507Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:43.882{E265CAAD-1DE7-60B6-7099-02000000C601}12300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194501Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:43.300{E265CAAD-1DE7-60B6-6D99-02000000C601}7260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194495Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:42.779{E265CAAD-1DE6-60B6-6A99-02000000C601}4272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194489Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:42.403{E265CAAD-1DE6-60B6-6799-02000000C601}7524C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194483Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:42.053{E265CAAD-1DE6-60B6-6499-02000000C601}7220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194477Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:41.655{E265CAAD-1DE5-60B6-6199-02000000C601}13396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194471Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:41.320{E265CAAD-1DE5-60B6-5E99-02000000C601}8796C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194465Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:41.051{E265CAAD-1DE5-60B6-5B99-02000000C601}8864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194459Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:40.796{E265CAAD-1DE4-60B6-5899-02000000C601}1512C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194453Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:40.468{E265CAAD-1DE4-60B6-5599-02000000C601}8004C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194447Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:39.598{E265CAAD-1DE3-60B6-5299-02000000C601}7100C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194441Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:38.842{E265CAAD-1DE2-60B6-4F99-02000000C601}7532C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194435Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:36.766{E265CAAD-1DE0-60B6-4C99-02000000C601}8596C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194429Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:36.443{E265CAAD-1DE0-60B6-4999-02000000C601}7204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194423Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:35.744{E265CAAD-1DDF-60B6-4699-02000000C601}10952C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194417Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:35.376{E265CAAD-1DDF-60B6-4399-02000000C601}10148C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194411Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:34.993{E265CAAD-1DDE-60B6-4099-02000000C601}7380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194405Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:34.616{E265CAAD-1DDE-60B6-3D99-02000000C601}2108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194399Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:34.129{E265CAAD-1DDE-60B6-3A99-02000000C601}4156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194393Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:32.639{E265CAAD-1DDC-60B6-3799-02000000C601}5944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194387Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:31.761{E265CAAD-1DDB-60B6-3499-02000000C601}11872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194381Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:31.340{E265CAAD-1DDB-60B6-3199-02000000C601}2464C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194375Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:30.828{E265CAAD-1DDA-60B6-2E99-02000000C601}7756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194369Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:30.376{E265CAAD-1DDA-60B6-2B99-02000000C601}12036C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194363Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:29.626{E265CAAD-1DD9-60B6-2899-02000000C601}8692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001194357Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:28.275{E265CAAD-1DD8-60B6-2599-02000000C601}8348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193494Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:10.871{E265CAAD-1DC6-60B6-E698-02000000C601}12572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193488Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:10.476{E265CAAD-1DC6-60B6-E398-02000000C601}7768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193482Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:10.336{E265CAAD-1DC6-60B6-E098-02000000C601}8084C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193476Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:10.107{E265CAAD-1DC6-60B6-DD98-02000000C601}4912C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193470Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:09.911{E265CAAD-1DC5-60B6-DA98-02000000C601}10936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193464Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:09.662{E265CAAD-1DC5-60B6-D798-02000000C601}3144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193458Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:08.239{E265CAAD-1DC4-60B6-D498-02000000C601}11944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193451Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:07.323{E265CAAD-1DC3-60B6-D098-02000000C601}8692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193444Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:06.606{E265CAAD-1DC2-60B6-CC98-02000000C601}11816C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193437Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:06.081{E265CAAD-1DC2-60B6-C898-02000000C601}6856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193430Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:05.663{E265CAAD-1DC1-60B6-C498-02000000C601}8996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193424Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:05.430{E265CAAD-1DC1-60B6-C198-02000000C601}5084C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193417Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:04.936{E265CAAD-1DC0-60B6-BD98-02000000C601}8820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193411Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:04.422{E265CAAD-1DC0-60B6-BA98-02000000C601}7272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193405Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:03.740{E265CAAD-1DBF-60B6-B798-02000000C601}7536C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193399Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:03.043{E265CAAD-1DBF-60B6-B498-02000000C601}3500C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193393Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:02.523{E265CAAD-1DBE-60B6-B198-02000000C601}11648C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193386Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:01.421{E265CAAD-1DBD-60B6-AD98-02000000C601}8572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193379Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:45:00.232{E265CAAD-1DBC-60B6-9B98-02000000C601}10800C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193373Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:59.596{E265CAAD-1DBB-60B6-9898-02000000C601}8328C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193367Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:59.186{E265CAAD-1DBB-60B6-9598-02000000C601}11336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193361Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:59.009{E265CAAD-1DBB-60B6-9298-02000000C601}5044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193355Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:58.576{E265CAAD-1DBA-60B6-8F98-02000000C601}4564C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193247Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:58.170{E265CAAD-1DBA-60B6-8C98-02000000C601}6996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193241Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:57.802{E265CAAD-1DB9-60B6-8998-02000000C601}8348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193235Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:57.282{E265CAAD-1DB9-60B6-8698-02000000C601}12612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193229Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:56.849{E265CAAD-1DB8-60B6-8398-02000000C601}6964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193223Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:56.303{E265CAAD-1DB8-60B6-8098-02000000C601}2232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193193Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:55.786{E265CAAD-1DB7-60B6-7B98-02000000C601}11292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193187Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:55.309{E265CAAD-1DB7-60B6-7898-02000000C601}6516C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193181Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:54.843{E265CAAD-1DB6-60B6-7598-02000000C601}8468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193175Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:54.366{E265CAAD-1DB6-60B6-7298-02000000C601}3504C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193169Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:53.947{E265CAAD-1DB5-60B6-6F98-02000000C601}1356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193163Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:53.532{E265CAAD-1DB5-60B6-6C98-02000000C601}4268C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193157Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:53.166{E265CAAD-1DB5-60B6-6998-02000000C601}12148C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193151Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:52.771{E265CAAD-1DB4-60B6-6698-02000000C601}12664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193145Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:52.289{E265CAAD-1DB4-60B6-6398-02000000C601}3196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193139Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:51.366{E265CAAD-1DB3-60B6-6098-02000000C601}7572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193133Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:50.306{E265CAAD-1DB2-60B6-5D98-02000000C601}8116C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193107Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:49.701{E265CAAD-1DB1-60B6-5698-02000000C601}13116C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193056Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:49.001{E265CAAD-1DB1-60B6-4A98-02000000C601}12080C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001193022Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:48.502{E265CAAD-1DB0-60B6-4298-02000000C601}13576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192999Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:46.490{E265CAAD-1DAE-60B6-3B98-02000000C601}7992C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192983Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:45.996{E265CAAD-1DAD-60B6-3698-02000000C601}12036C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192870Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:45.403{E265CAAD-1DAD-60B6-3298-02000000C601}11580C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192844Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:45.015{E265CAAD-1DAD-60B6-2B98-02000000C601}4108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192823Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:44.613{E265CAAD-1DAC-60B6-2598-02000000C601}4132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192799Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:44.246{E265CAAD-1DAC-60B6-1F98-02000000C601}11756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192771Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:43.787{E265CAAD-1DAB-60B6-1798-02000000C601}3172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192454Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:43.152{E265CAAD-1DAB-60B6-1098-02000000C601}8548C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192274Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:42.826{E265CAAD-1DAA-60B6-0B98-02000000C601}2700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192268Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:42.543{E265CAAD-1DAA-60B6-0898-02000000C601}11784C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192262Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:42.296{E265CAAD-1DAA-60B6-0598-02000000C601}12808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192256Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:42.010{E265CAAD-1DAA-60B6-0298-02000000C601}9088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192250Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:41.616{E265CAAD-1DA9-60B6-FF97-02000000C601}8484C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192244Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:41.222{E265CAAD-1DA9-60B6-FC97-02000000C601}13460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192238Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:40.943{E265CAAD-1DA8-60B6-F997-02000000C601}13968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192232Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:40.522{E265CAAD-1DA8-60B6-F697-02000000C601}5848C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192226Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:40.042{E265CAAD-1DA8-60B6-F397-02000000C601}10608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192220Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:39.532{E265CAAD-1DA7-60B6-F097-02000000C601}2644C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001192214Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:38.095{E265CAAD-1DA6-60B6-ED97-02000000C601}4664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191918Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:27.152{E265CAAD-1D9B-60B6-B097-02000000C601}13804C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191912Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:26.915{E265CAAD-1D9A-60B6-AD97-02000000C601}11884C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191906Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:26.572{E265CAAD-1D9A-60B6-AA97-02000000C601}7112C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191900Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:26.306{E265CAAD-1D9A-60B6-A797-02000000C601}10760C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191894Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:26.009{E265CAAD-1D9A-60B6-A497-02000000C601}11684C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191888Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:25.723{E265CAAD-1D99-60B6-A197-02000000C601}5076C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191882Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:25.356{E265CAAD-1D99-60B6-9E97-02000000C601}11200C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191871Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:25.097{E265CAAD-1D99-60B6-9A97-02000000C601}7528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191855Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:24.725{E265CAAD-1D98-60B6-9597-02000000C601}9964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191844Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:24.549{E265CAAD-1D98-60B6-9197-02000000C601}12284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191833Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:24.300{E265CAAD-1D98-60B6-8D97-02000000C601}11160C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191817Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:23.989{E265CAAD-1D97-60B6-8897-02000000C601}13196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191806Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:23.790{E265CAAD-1D97-60B6-8497-02000000C601}13300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191795Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:23.600{E265CAAD-1D97-60B6-8097-02000000C601}11908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191784Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:23.323{E265CAAD-1D97-60B6-7C97-02000000C601}10100C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191773Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:23.083{E265CAAD-1D97-60B6-7897-02000000C601}10072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191762Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:22.875{E265CAAD-1D96-60B6-7497-02000000C601}5476C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191751Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:22.586{E265CAAD-1D96-60B6-7097-02000000C601}11132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191745Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:22.352{E265CAAD-1D96-60B6-6D97-02000000C601}4136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191739Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:22.099{E265CAAD-1D96-60B6-6A97-02000000C601}2232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191733Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:21.983{E265CAAD-1D95-60B6-6797-02000000C601}12792C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191727Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:21.727{E265CAAD-1D95-60B6-6497-02000000C601}3116C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191716Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:21.547{E265CAAD-1D95-60B6-6097-02000000C601}4160C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191707Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:20.889{E265CAAD-1D94-60B6-5C97-02000000C601}2016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191701Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:20.488{E265CAAD-1D94-60B6-5997-02000000C601}10776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191695Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:20.052{E265CAAD-1D94-60B6-5697-02000000C601}2300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191689Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:19.709{E265CAAD-1D93-60B6-5397-02000000C601}9428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191683Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:19.394{E265CAAD-1D93-60B6-5097-02000000C601}11816C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191677Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:18.933{E265CAAD-1D92-60B6-4D97-02000000C601}10360C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191671Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:18.592{E265CAAD-1D92-60B6-4A97-02000000C601}13264C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191665Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:18.348{E265CAAD-1D92-60B6-4797-02000000C601}9400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191659Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:18.004{E265CAAD-1D92-60B6-4497-02000000C601}9296C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191653Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:17.690{E265CAAD-1D91-60B6-4197-02000000C601}14068C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191647Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:17.379{E265CAAD-1D91-60B6-3E97-02000000C601}1776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191641Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:17.035{E265CAAD-1D91-60B6-3B97-02000000C601}11968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191633Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:16.790{E265CAAD-1D90-60B6-3797-02000000C601}7896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191631Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:16.726{E265CAAD-1D90-60B6-3697-02000000C601}2104C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191621Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:16.447{E265CAAD-1D90-60B6-3197-02000000C601}8984C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191619Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:16.393{E265CAAD-1D90-60B6-3097-02000000C601}7968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191613Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:16.209{E265CAAD-1D90-60B6-2D97-02000000C601}9880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191603Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:15.905{E265CAAD-1D8F-60B6-2897-02000000C601}7532C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191601Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:15.697{E265CAAD-1D8F-60B6-2797-02000000C601}5744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191595Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:15.570{E265CAAD-1D8F-60B6-2497-02000000C601}12444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191587Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:15.180{E265CAAD-1D8F-60B6-2097-02000000C601}12656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191583Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:15.024{E265CAAD-1D8F-60B6-1E97-02000000C601}13856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191575Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:14.780{E265CAAD-1D8E-60B6-1A97-02000000C601}6792C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191567Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:14.387{E265CAAD-1D8E-60B6-1697-02000000C601}11864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191564Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:14.260{E265CAAD-1D8E-60B6-1597-02000000C601}8736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191556Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:14.024{E265CAAD-1D8E-60B6-1197-02000000C601}9808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191550Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:13.871{E265CAAD-1D8D-60B6-0E97-02000000C601}5904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191542Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:13.605{E265CAAD-1D8D-60B6-0A97-02000000C601}12208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191540Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:13.576{E265CAAD-1D8D-60B6-0997-02000000C601}13588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191528Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:13.089{E265CAAD-1D8D-60B6-0497-02000000C601}7580C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191526Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:12.992{E265CAAD-1D8C-60B6-0397-02000000C601}11640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191520Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:12.895{E265CAAD-1D8C-60B6-0097-02000000C601}10280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191512Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:12.743{E265CAAD-1D8C-60B6-FC96-02000000C601}10228C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191506Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:12.542{E265CAAD-1D8C-60B6-F996-02000000C601}6680C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191502Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:12.486{E265CAAD-1D8C-60B6-F796-02000000C601}11504C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191494Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:12.300{E265CAAD-1D8C-60B6-F396-02000000C601}9732C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191486Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:12.113{E265CAAD-1D8C-60B6-EF96-02000000C601}6288C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191484Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:12.050{E265CAAD-1D8C-60B6-EE96-02000000C601}12980C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191478Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:11.804{E265CAAD-1D8B-60B6-EB96-02000000C601}10376C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191468Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:11.543{E265CAAD-1D8B-60B6-E696-02000000C601}13652C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191466Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:11.449{E265CAAD-1D8B-60B6-E596-02000000C601}4764C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191458Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:11.249{E265CAAD-1D8B-60B6-E196-02000000C601}7700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191450Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:11.009{E265CAAD-1D8B-60B6-DD96-02000000C601}11380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191445Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:10.829{E265CAAD-1D8A-60B6-DB96-02000000C601}9524C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191442Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:10.699{E265CAAD-1D8A-60B6-D996-02000000C601}12156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191432Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:10.329{E265CAAD-1D8A-60B6-D496-02000000C601}13376C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191430Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:10.249{E265CAAD-1D8A-60B6-D396-02000000C601}12664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191420Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:09.936{E265CAAD-1D89-60B6-CE96-02000000C601}11996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191416Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:09.769{E265CAAD-1D89-60B6-CC96-02000000C601}10176C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191412Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:09.260{E265CAAD-1D89-60B6-CA96-02000000C601}688C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191404Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:08.839{E265CAAD-1D88-60B6-C696-02000000C601}9924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191396Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:08.385{E265CAAD-1D88-60B6-C296-02000000C601}12712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191394Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:08.272{E265CAAD-1D88-60B6-C196-02000000C601}6776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191385Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:07.622{E265CAAD-1D87-60B6-BD96-02000000C601}5052C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191379Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:07.266{E265CAAD-1D87-60B6-B996-02000000C601}5020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191374Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:06.960{E265CAAD-1D86-60B6-B696-02000000C601}940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191363Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:06.453{E265CAAD-1D86-60B6-B096-02000000C601}13368C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191350Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:06.325{E265CAAD-1D86-60B6-AF96-02000000C601}14124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191250Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:05.789{E265CAAD-1D85-60B6-AA96-02000000C601}8380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191242Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:05.566{E265CAAD-1D85-60B6-A696-02000000C601}11692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191239Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:05.133{E265CAAD-1D85-60B6-A496-02000000C601}11460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191231Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:04.719{E265CAAD-1D84-60B6-A096-02000000C601}10920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191223Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:04.426{E265CAAD-1D84-60B6-9C96-02000000C601}9436C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191221Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:04.326{E265CAAD-1D84-60B6-9B96-02000000C601}11044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191213Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:04.147{E265CAAD-1D84-60B6-9796-02000000C601}12776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191205Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:03.849{E265CAAD-1D83-60B6-9396-02000000C601}13540C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191201Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:03.620{E265CAAD-1D83-60B6-9196-02000000C601}10416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191197Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:03.493{E265CAAD-1D83-60B6-8F96-02000000C601}6704C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001191189Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:03.324{E265CAAD-1D83-60B6-8B96-02000000C601}7272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190716Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:02.526{E265CAAD-1D82-60B6-8596-02000000C601}4756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190714Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:02.370{E265CAAD-1D82-60B6-8496-02000000C601}2448C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190706Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:01.883{E265CAAD-1D81-60B6-8096-02000000C601}7940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190697Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:01.665{E265CAAD-1D81-60B6-7B96-02000000C601}2224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190694Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:01.308{E265CAAD-1D81-60B6-7996-02000000C601}7588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190688Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:01.122{E265CAAD-1D81-60B6-7696-02000000C601}7000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190678Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:00.879{E265CAAD-1D80-60B6-7196-02000000C601}7328C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190674Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:00.757{E265CAAD-1D80-60B6-6F96-02000000C601}13648C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190670Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:00.504{E265CAAD-1D80-60B6-6D96-02000000C601}2084C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190660Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:00.207{E265CAAD-1D80-60B6-6896-02000000C601}12908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190658Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:44:00.109{E265CAAD-1D80-60B6-6796-02000000C601}8072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190650Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:59.757{E265CAAD-1D7F-60B6-6396-02000000C601}9492C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190642Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:59.300{E265CAAD-1D7F-60B6-5F96-02000000C601}7140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190640Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:59.280{E265CAAD-1D7F-60B6-5E96-02000000C601}9608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190630Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:58.655{E265CAAD-1D7E-60B6-5996-02000000C601}8260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190628Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:58.589{E265CAAD-1D7E-60B6-5896-02000000C601}9220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190618Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:58.219{E265CAAD-1D7E-60B6-5396-02000000C601}10996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190615Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:58.152{E265CAAD-1D7E-60B6-5296-02000000C601}7084C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190606Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:57.520{E265CAAD-1D7D-60B6-4D96-02000000C601}11896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190600Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:57.011{E265CAAD-1D7D-60B6-4A96-02000000C601}8132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190594Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:56.729{E265CAAD-1D7C-60B6-4796-02000000C601}11124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190592Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:56.584{E265CAAD-1D7C-60B6-4696-02000000C601}13020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190586Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:55.992{E265CAAD-1D7B-60B6-4396-02000000C601}11768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190580Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:54.828{E265CAAD-1D7A-60B6-4096-02000000C601}4740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190574Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:54.049{E265CAAD-1D7A-60B6-3D96-02000000C601}8688C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190568Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:53.422{E265CAAD-1D79-60B6-3A96-02000000C601}3304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190562Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:52.649{E265CAAD-1D78-60B6-3796-02000000C601}5848C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190556Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:52.059{E265CAAD-1D78-60B6-3496-02000000C601}5384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190492Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:51.248{E265CAAD-1D77-60B6-2696-02000000C601}1180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190312Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:49.028{E265CAAD-1D75-60B6-1696-02000000C601}10964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001190058Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:39.214{E265CAAD-1D6B-60B6-E195-02000000C601}10720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189937Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:38.670{E265CAAD-1D6A-60B6-DC95-02000000C601}3700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189924Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:38.296{E265CAAD-1D6A-60B6-D795-02000000C601}14188C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189908Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:37.757{E265CAAD-1D69-60B6-D295-02000000C601}8244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189892Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:37.410{E265CAAD-1D69-60B6-CD95-02000000C601}8276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189876Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:36.919{E265CAAD-1D68-60B6-C895-02000000C601}2912C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189857Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:36.460{E265CAAD-1D68-60B6-C395-02000000C601}5136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189836Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:36.084{E265CAAD-1D68-60B6-BC95-02000000C601}8472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189815Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:35.702{E265CAAD-1D67-60B6-B695-02000000C601}12208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189794Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:35.320{E265CAAD-1D67-60B6-B095-02000000C601}10816C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189778Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:35.028{E265CAAD-1D67-60B6-AB95-02000000C601}4888C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189757Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:34.575{E265CAAD-1D66-60B6-A595-02000000C601}3584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189738Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:34.086{E265CAAD-1D66-60B6-A095-02000000C601}13340C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189710Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:33.494{E265CAAD-1D65-60B6-9895-02000000C601}12984C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189684Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:33.022{E265CAAD-1D65-60B6-9195-02000000C601}6020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189660Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:32.431{E265CAAD-1D64-60B6-8B95-02000000C601}8588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189637Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:31.642{E265CAAD-1D63-60B6-8495-02000000C601}7180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189631Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:31.132{E265CAAD-1D63-60B6-8195-02000000C601}12876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189602Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:30.621{E265CAAD-1D62-60B6-7A95-02000000C601}6732C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189562Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:30.215{E265CAAD-1D62-60B6-7095-02000000C601}13588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189558Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:30.167{E265CAAD-1D62-60B6-6D95-02000000C601}9004C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189510Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:29.758{E265CAAD-1D61-60B6-6195-02000000C601}3468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189506Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:29.724{E265CAAD-1D61-60B6-5F95-02000000C601}13284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189485Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:29.485{E265CAAD-1D61-60B6-5995-02000000C601}432C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189467Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:29.293{E265CAAD-1D61-60B6-5395-02000000C601}8796C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189463Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:29.242{E265CAAD-1D61-60B6-5195-02000000C601}7600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189440Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:28.924{E265CAAD-1D60-60B6-4A95-02000000C601}13516C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189429Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:28.763{E265CAAD-1D60-60B6-4695-02000000C601}2592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189415Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:28.605{E265CAAD-1D60-60B6-4295-02000000C601}3720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189385Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:28.339{E265CAAD-1D60-60B6-3995-02000000C601}3932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189376Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:28.253{E265CAAD-1D60-60B6-3695-02000000C601}4444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189348Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:27.943{E265CAAD-1D5F-60B6-2E95-02000000C601}10228C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189334Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:27.803{E265CAAD-1D5F-60B6-2A95-02000000C601}5008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189316Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:27.458{E265CAAD-1D5F-60B6-2495-02000000C601}13920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189314Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:27.442{E265CAAD-1D5F-60B6-2395-02000000C601}11220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189306Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:27.067{E265CAAD-1D5F-60B6-1F95-02000000C601}10756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189300Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:26.868{E265CAAD-1D5E-60B6-1C95-02000000C601}7456C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189294Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:26.665{E265CAAD-1D5E-60B6-1995-02000000C601}9224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189288Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:26.415{E265CAAD-1D5E-60B6-1695-02000000C601}3400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189284Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:26.249{E265CAAD-1D5E-60B6-1495-02000000C601}5028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189274Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:25.898{E265CAAD-1D5D-60B6-0F95-02000000C601}7624C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189272Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:25.836{E265CAAD-1D5D-60B6-0E95-02000000C601}8944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189262Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:25.477{E265CAAD-1D5D-60B6-0995-02000000C601}9372C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189260Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:25.396{E265CAAD-1D5D-60B6-0895-02000000C601}576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189252Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:25.179{E265CAAD-1D5D-60B6-0495-02000000C601}12404C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189244Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:25.005{E265CAAD-1D5D-60B6-0095-02000000C601}13512C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189242Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:24.939{E265CAAD-1D5C-60B6-FF94-02000000C601}12920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189234Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:24.779{E265CAAD-1D5C-60B6-FB94-02000000C601}10304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189226Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:24.578{E265CAAD-1D5C-60B6-F794-02000000C601}3392C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189224Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:24.542{E265CAAD-1D5C-60B6-F694-02000000C601}4268C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189216Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:24.299{E265CAAD-1D5C-60B6-F294-02000000C601}6492C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189210Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:24.100{E265CAAD-1D5C-60B6-EF94-02000000C601}4388C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189206Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:24.033{E265CAAD-1D5C-60B6-ED94-02000000C601}11144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189196Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:23.609{E265CAAD-1D5B-60B6-E894-02000000C601}10552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189194Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:23.602{E265CAAD-1D5B-60B6-E794-02000000C601}10156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189186Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:23.295{E265CAAD-1D5B-60B6-E394-02000000C601}10988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189168Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:23.086{E265CAAD-1D5B-60B6-DD94-02000000C601}10468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189161Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:22.997{E265CAAD-1D5A-60B6-DB94-02000000C601}10712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189131Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:22.649{E265CAAD-1D5A-60B6-D294-02000000C601}13820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189122Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:22.524{E265CAAD-1D5A-60B6-CF94-02000000C601}8956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189108Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:22.372{E265CAAD-1D5A-60B6-CB94-02000000C601}4584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189095Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:22.169{E265CAAD-1D5A-60B6-C694-02000000C601}10232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189091Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:22.091{E265CAAD-1D5A-60B6-C494-02000000C601}5612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189080Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:21.931{E265CAAD-1D59-60B6-C094-02000000C601}7936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189065Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:21.708{E265CAAD-1D59-60B6-BA94-02000000C601}5148C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189056Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:21.568{E265CAAD-1D59-60B6-B794-02000000C601}8516C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189047Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:21.487{E265CAAD-1D59-60B6-B494-02000000C601}13696C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189039Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:21.205{E265CAAD-1D59-60B6-B094-02000000C601}7052C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189031Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:20.925{E265CAAD-1D58-60B6-AC94-02000000C601}9312C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189029Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:20.865{E265CAAD-1D58-60B6-AB94-02000000C601}11584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189013Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:20.512{E265CAAD-1D58-60B6-A594-02000000C601}5560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001189011Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:20.495{E265CAAD-1D58-60B6-A494-02000000C601}6208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188997Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:20.053{E265CAAD-1D58-60B6-9D94-02000000C601}10044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188995Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:19.972{E265CAAD-1D57-60B6-9C94-02000000C601}5360C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188989Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:19.877{E265CAAD-1D57-60B6-9994-02000000C601}3480C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188979Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:19.649{E265CAAD-1D57-60B6-9494-02000000C601}5500C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188973Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:19.508{E265CAAD-1D57-60B6-9194-02000000C601}11576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188969Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:19.435{E265CAAD-1D57-60B6-8F94-02000000C601}10588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188965Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:19.384{E265CAAD-1D57-60B6-8D94-02000000C601}11712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188957Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:19.248{E265CAAD-1D57-60B6-8994-02000000C601}4184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188949Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:18.978{E265CAAD-1D56-60B6-8594-02000000C601}9252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188947Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:18.953{E265CAAD-1D56-60B6-8494-02000000C601}10104C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188939Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:18.749{E265CAAD-1D56-60B6-8094-02000000C601}8088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188930Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:18.579{E265CAAD-1D56-60B6-7C94-02000000C601}13668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188926Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:18.485{E265CAAD-1D56-60B6-7A94-02000000C601}11864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188922Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:18.439{E265CAAD-1D56-60B6-7894-02000000C601}6932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188914Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:18.265{E265CAAD-1D56-60B6-7494-02000000C601}11936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188908Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:18.068{E265CAAD-1D56-60B6-7194-02000000C601}13624C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188904Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:17.985{E265CAAD-1D55-60B6-6F94-02000000C601}13048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188896Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:17.819{E265CAAD-1D55-60B6-6B94-02000000C601}13340C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188890Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:17.682{E265CAAD-1D55-60B6-6894-02000000C601}11464C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188884Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:17.603{E265CAAD-1D55-60B6-6594-02000000C601}4556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188876Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:17.469{E265CAAD-1D55-60B6-6194-02000000C601}12624C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188870Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:17.378{E265CAAD-1D55-60B6-5E94-02000000C601}636C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188868Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:17.345{E265CAAD-1D55-60B6-5D94-02000000C601}5628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188860Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:16.965{E265CAAD-1D54-60B6-5994-02000000C601}12220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188854Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:16.718{E265CAAD-1D54-60B6-5694-02000000C601}12532C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188846Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:16.305{E265CAAD-1D54-60B6-5294-02000000C601}13328C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188844Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:16.301{E265CAAD-1D54-60B6-5194-02000000C601}9968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188842Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:16.295{E265CAAD-1D54-60B6-5094-02000000C601}9540C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188828Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:15.875{E265CAAD-1D53-60B6-4994-02000000C601}11268C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188826Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:15.870{E265CAAD-1D53-60B6-4894-02000000C601}4960C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188824Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:15.851{E265CAAD-1D53-60B6-4794-02000000C601}8108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188810Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:15.535{E265CAAD-1D53-60B6-4094-02000000C601}7460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188808Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:15.471{E265CAAD-1D53-60B6-3F94-02000000C601}852C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188806Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:15.455{E265CAAD-1D53-60B6-3E94-02000000C601}8252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188792Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:15.159{E265CAAD-1D53-60B6-3794-02000000C601}4164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188790Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:15.115{E265CAAD-1D53-60B6-3694-02000000C601}2572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188788Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:15.068{E265CAAD-1D53-60B6-3594-02000000C601}4068C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188776Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:14.731{E265CAAD-1D52-60B6-2F94-02000000C601}12144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188774Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:14.672{E265CAAD-1D52-60B6-2E94-02000000C601}7984C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188764Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:14.448{E265CAAD-1D52-60B6-2994-02000000C601}6308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188760Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:14.405{E265CAAD-1D52-60B6-2894-02000000C601}956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188752Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:14.039{E265CAAD-1D52-60B6-2394-02000000C601}5676C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188744Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:13.711{E265CAAD-1D51-60B6-1F94-02000000C601}5536C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188742Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:13.685{E265CAAD-1D51-60B6-1E94-02000000C601}12108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188732Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:13.295{E265CAAD-1D51-60B6-1994-02000000C601}6700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188730Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:13.165{E265CAAD-1D51-60B6-1894-02000000C601}3584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188722Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:12.902{E265CAAD-1D50-60B6-1494-02000000C601}11024C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188718Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:12.782{E265CAAD-1D50-60B6-1294-02000000C601}4964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188708Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:12.291{E265CAAD-1D50-60B6-0D94-02000000C601}11736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188706Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:12.288{E265CAAD-1D50-60B6-0C94-02000000C601}2580C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188696Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:11.805{E265CAAD-1D4F-60B6-0794-02000000C601}12360C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188694Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:11.695{E265CAAD-1D4F-60B6-0694-02000000C601}12324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188682Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:11.368{E265CAAD-1D4F-60B6-0194-02000000C601}8924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188680Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:11.285{E265CAAD-1D4F-60B6-0094-02000000C601}11628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188672Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:11.009{E265CAAD-1D4F-60B6-FC93-02000000C601}2640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188663Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:10.593{E265CAAD-1D4E-60B6-F893-02000000C601}8284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188662Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:10.585{E265CAAD-1D4E-60B6-F793-02000000C601}13576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188660Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:10.558{E265CAAD-1D4E-60B6-F693-02000000C601}13172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188646Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:10.316{E265CAAD-1D4E-60B6-F093-02000000C601}7376C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188642Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:10.195{E265CAAD-1D4E-60B6-EF93-02000000C601}10692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188634Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:10.041{E265CAAD-1D4E-60B6-EB93-02000000C601}14172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188626Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:09.872{E265CAAD-1D4D-60B6-E793-02000000C601}8640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188624Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:09.820{E265CAAD-1D4D-60B6-E693-02000000C601}11352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188612Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:09.532{E265CAAD-1D4D-60B6-E093-02000000C601}7756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188610Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:09.521{E265CAAD-1D4D-60B6-DF93-02000000C601}11812C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188608Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:09.491{E265CAAD-1D4D-60B6-DE93-02000000C601}7416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188594Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:09.215{E265CAAD-1D4D-60B6-D793-02000000C601}5376C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188592Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:09.156{E265CAAD-1D4D-60B6-D693-02000000C601}14252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188590Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:09.075{E265CAAD-1D4D-60B6-D593-02000000C601}13952C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188580Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:08.871{E265CAAD-1D4C-60B6-D093-02000000C601}6512C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188574Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:08.775{E265CAAD-1D4C-60B6-CD93-02000000C601}12668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188566Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:08.644{E265CAAD-1D4C-60B6-C993-02000000C601}5224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188558Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:08.465{E265CAAD-1D4C-60B6-C593-02000000C601}13532C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188556Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:08.358{E265CAAD-1D4C-60B6-C493-02000000C601}8820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188554Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:08.356{E265CAAD-1D4C-60B6-C393-02000000C601}1668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188544Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:08.207{E265CAAD-1D4C-60B6-BE93-02000000C601}9772C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188534Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:07.967{E265CAAD-1D4B-60B6-B993-02000000C601}3680C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188532Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:07.948{E265CAAD-1D4B-60B6-B893-02000000C601}11416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188526Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:07.770{E265CAAD-1D4B-60B6-B593-02000000C601}7324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188517Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:07.360{E265CAAD-1D4B-60B6-B093-02000000C601}4348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188513Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:07.284{E265CAAD-1D4B-60B6-AE93-02000000C601}13944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188507Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:07.183{E265CAAD-1D4B-60B6-AB93-02000000C601}5428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188505Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:07.128{E265CAAD-1D4B-60B6-AA93-02000000C601}5752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188494Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:06.671{E265CAAD-1D4A-60B6-A593-02000000C601}12244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188488Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:06.506{E265CAAD-1D4A-60B6-A193-02000000C601}5516C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188486Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:06.446{E265CAAD-1D4A-60B6-A093-02000000C601}7292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188477Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:06.175{E265CAAD-1D4A-60B6-9B93-02000000C601}11068C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188468Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:05.640{E265CAAD-1D49-60B6-9693-02000000C601}8604C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188466Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:05.629{E265CAAD-1D49-60B6-9593-02000000C601}6196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188455Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:05.075{E265CAAD-1D49-60B6-8F93-02000000C601}10296C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188449Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:04.929{E265CAAD-1D48-60B6-8C93-02000000C601}9564C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188447Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:04.875{E265CAAD-1D48-60B6-8B93-02000000C601}11336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188439Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:04.696{E265CAAD-1D48-60B6-8793-02000000C601}13352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188431Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:04.549{E265CAAD-1D48-60B6-8393-02000000C601}6392C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188425Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:04.368{E265CAAD-1D48-60B6-8093-02000000C601}8312C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188423Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:04.311{E265CAAD-1D48-60B6-7F93-02000000C601}12552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188415Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:04.165{E265CAAD-1D48-60B6-7B93-02000000C601}13988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188407Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:03.952{E265CAAD-1D47-60B6-7793-02000000C601}1752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188405Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:03.872{E265CAAD-1D47-60B6-7693-02000000C601}11260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188399Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:03.632{E265CAAD-1D47-60B6-7393-02000000C601}9440C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188391Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:03.379{E265CAAD-1D47-60B6-6F93-02000000C601}14160C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188383Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:03.028{E265CAAD-1D47-60B6-6B93-02000000C601}10340C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188381Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:03.003{E265CAAD-1D47-60B6-6A93-02000000C601}13564C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188373Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:02.719{E265CAAD-1D46-60B6-6693-02000000C601}5700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188365Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:02.489{E265CAAD-1D46-60B6-6293-02000000C601}13280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188363Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:02.370{E265CAAD-1D46-60B6-6193-02000000C601}13928C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188352Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:01.811{E265CAAD-1D45-60B6-5B93-02000000C601}8572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188345Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:01.068{E265CAAD-1D45-60B6-5793-02000000C601}11708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188343Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:01.014{E265CAAD-1D45-60B6-5693-02000000C601}11848C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188337Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:43:00.199{E265CAAD-1D44-60B6-5393-02000000C601}8704C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001188331Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:58.808{E265CAAD-1D42-60B6-5093-02000000C601}14024C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186674Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:16.536{E265CAAD-1D18-60B6-E392-02000000C601}3772C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186668Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:16.413{E265CAAD-1D18-60B6-E092-02000000C601}11876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186657Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:16.232{E265CAAD-1D18-60B6-DC92-02000000C601}5740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186646Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:16.051{E265CAAD-1D18-60B6-D892-02000000C601}9844C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186635Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:15.848{E265CAAD-1D17-60B6-D492-02000000C601}12868C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186624Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:15.422{E265CAAD-1D17-60B6-D092-02000000C601}8600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186613Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:15.212{E265CAAD-1D17-60B6-CC92-02000000C601}7724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186602Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:14.950{E265CAAD-1D16-60B6-C892-02000000C601}6276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186593Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:14.779{E265CAAD-1D16-60B6-C592-02000000C601}14020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186582Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:14.465{E265CAAD-1D16-60B6-C192-02000000C601}13148C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186574Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:14.212{E265CAAD-1D16-60B6-BD92-02000000C601}14172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186563Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:14.018{E265CAAD-1D16-60B6-B992-02000000C601}7780C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186552Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:13.831{E265CAAD-1D15-60B6-B592-02000000C601}9972C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186543Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:13.701{E265CAAD-1D15-60B6-B292-02000000C601}5244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186535Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:13.388{E265CAAD-1D15-60B6-AE92-02000000C601}11900C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186521Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:13.066{E265CAAD-1D15-60B6-AA92-02000000C601}9996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186513Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:12.795{E265CAAD-1D14-60B6-A692-02000000C601}6640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186504Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:12.532{E265CAAD-1D14-60B6-A392-02000000C601}4492C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186494Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:12.293{E265CAAD-1D14-60B6-9E92-02000000C601}6804C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186486Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:12.122{E265CAAD-1D14-60B6-9A92-02000000C601}11664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186484Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:12.096{E265CAAD-1D14-60B6-9992-02000000C601}14324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186474Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:11.547{E265CAAD-1D13-60B6-9492-02000000C601}8056C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186470Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:11.431{E265CAAD-1D13-60B6-9292-02000000C601}4428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186466Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:11.357{E265CAAD-1D13-60B6-9092-02000000C601}10216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186456Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:11.106{E265CAAD-1D13-60B6-8B92-02000000C601}10820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186452Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:10.982{E265CAAD-1D12-60B6-8992-02000000C601}13768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186448Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:10.495{E265CAAD-1D12-60B6-8792-02000000C601}2640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186438Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:10.182{E265CAAD-1D12-60B6-8292-02000000C601}9784C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186436Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:10.125{E265CAAD-1D12-60B6-8192-02000000C601}4600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186428Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:09.849{E265CAAD-1D11-60B6-7D92-02000000C601}11112C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186420Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:09.660{E265CAAD-1D11-60B6-7992-02000000C601}2916C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186418Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:09.619{E265CAAD-1D11-60B6-7892-02000000C601}5044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186408Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:09.362{E265CAAD-1D11-60B6-7392-02000000C601}4328C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186406Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:09.289{E265CAAD-1D11-60B6-7292-02000000C601}11352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186396Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:07.046{E265CAAD-1D0F-60B6-6C92-02000000C601}11256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186387Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:06.612{E265CAAD-1D0E-60B6-6792-02000000C601}9064C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186381Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:06.098{E265CAAD-1D0E-60B6-6492-02000000C601}8552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186373Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:01.075{E265CAAD-1D09-60B6-5E92-02000000C601}11700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186367Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:00.485{E265CAAD-1D08-60B6-5B92-02000000C601}6676C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186361Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:42:00.139{E265CAAD-1D08-60B6-5892-02000000C601}8508C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186355Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:59.765{E265CAAD-1D07-60B6-5592-02000000C601}3480C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186349Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:59.474{E265CAAD-1D07-60B6-5292-02000000C601}4408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186343Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:58.872{E265CAAD-1D06-60B6-4F92-02000000C601}14212C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186335Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:58.569{E265CAAD-1D06-60B6-4B92-02000000C601}13148C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186333Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:58.456{E265CAAD-1D06-60B6-4A92-02000000C601}12832C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186325Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:58.222{E265CAAD-1D06-60B6-4692-02000000C601}12216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186319Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:58.014{E265CAAD-1D06-60B6-4392-02000000C601}6956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186311Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:57.769{E265CAAD-1D05-60B6-3F92-02000000C601}6708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186309Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:57.429{E265CAAD-1D05-60B6-3E92-02000000C601}9872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186299Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:56.402{E265CAAD-1D04-60B6-3992-02000000C601}8900C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186297Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:56.264{E265CAAD-1D04-60B6-3892-02000000C601}8632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186287Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:55.739{E265CAAD-1D03-60B6-3392-02000000C601}12744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186285Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:55.675{E265CAAD-1D03-60B6-3292-02000000C601}13592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186277Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:55.318{E265CAAD-1D03-60B6-2E92-02000000C601}8416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186269Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:55.142{E265CAAD-1D03-60B6-2A92-02000000C601}10896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186267Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:55.082{E265CAAD-1D03-60B6-2992-02000000C601}1200C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186259Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:54.759{E265CAAD-1D02-60B6-2592-02000000C601}12032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186253Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:54.523{E265CAAD-1D02-60B6-2292-02000000C601}8564C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186247Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:54.370{E265CAAD-1D02-60B6-1F92-02000000C601}7292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186239Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:54.085{E265CAAD-1D02-60B6-1B92-02000000C601}1628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186237Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:53.985{E265CAAD-1D01-60B6-1A92-02000000C601}6940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186227Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:53.522{E265CAAD-1D01-60B6-1592-02000000C601}7024C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186225Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:53.503{E265CAAD-1D01-60B6-1492-02000000C601}4972C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186215Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:53.172{E265CAAD-1D01-60B6-0F92-02000000C601}3652C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186211Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:53.039{E265CAAD-1D01-60B6-0D92-02000000C601}10168C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186207Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:52.789{E265CAAD-1D00-60B6-0B92-02000000C601}5280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186196Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:52.240{E265CAAD-1D00-60B6-0592-02000000C601}8644C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186195Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:52.250{E265CAAD-1D00-60B6-0692-02000000C601}176C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186187Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:51.617{E265CAAD-1CFF-60B6-0192-02000000C601}10844C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186181Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:51.352{E265CAAD-1CFF-60B6-FE91-02000000C601}7280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186175Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:51.118{E265CAAD-1CFF-60B6-FB91-02000000C601}8276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186169Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:50.796{E265CAAD-1CFE-60B6-F891-02000000C601}12520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186163Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:50.616{E265CAAD-1CFE-60B6-F591-02000000C601}10140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186157Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:50.365{E265CAAD-1CFE-60B6-F291-02000000C601}11620C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186151Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:50.174{E265CAAD-1CFE-60B6-EF91-02000000C601}6284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186143Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:49.545{E265CAAD-1CFD-60B6-EB91-02000000C601}9056C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186141Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:49.457{E265CAAD-1CFD-60B6-EA91-02000000C601}9396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186131Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:48.953{E265CAAD-1CFC-60B6-E591-02000000C601}6356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186129Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:48.912{E265CAAD-1CFC-60B6-E491-02000000C601}13688C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186121Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:48.576{E265CAAD-1CFC-60B6-E091-02000000C601}5180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186113Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:48.240{E265CAAD-1CFC-60B6-DC91-02000000C601}1080C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186111Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:47.962{E265CAAD-1CFB-60B6-DB91-02000000C601}8004C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186101Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:47.545{E265CAAD-1CFB-60B6-D691-02000000C601}8968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186099Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:47.508{E265CAAD-1CFB-60B6-D591-02000000C601}13352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186089Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:47.146{E265CAAD-1CFB-60B6-D091-02000000C601}14148C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186087Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:47.098{E265CAAD-1CFB-60B6-CF91-02000000C601}12596C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186079Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:46.719{E265CAAD-1CFA-60B6-CB91-02000000C601}5076C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186071Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:46.121{E265CAAD-1CFA-60B6-C791-02000000C601}9972C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186069Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:45.979{E265CAAD-1CF9-60B6-C691-02000000C601}7180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186061Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:44.792{E265CAAD-1CF8-60B6-C291-02000000C601}4120C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186055Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:44.492{E265CAAD-1CF8-60B6-BF91-02000000C601}4208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186049Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:44.341{E265CAAD-1CF8-60B6-BC91-02000000C601}5752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186041Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:44.085{E265CAAD-1CF8-60B6-B891-02000000C601}9048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186037Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:43.915{E265CAAD-1CF7-60B6-B691-02000000C601}11460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186031Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:43.659{E265CAAD-1CF7-60B6-B391-02000000C601}12568C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186027Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:43.475{E265CAAD-1CF7-60B6-B191-02000000C601}9208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186017Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:43.176{E265CAAD-1CF7-60B6-AC91-02000000C601}6560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186015Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:43.059{E265CAAD-1CF7-60B6-AB91-02000000C601}4356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186005Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:42.662{E265CAAD-1CF6-60B6-A691-02000000C601}1448C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001186003Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:42.580{E265CAAD-1CF6-60B6-A591-02000000C601}10068C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185993Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:42.132{E265CAAD-1CF6-60B6-A091-02000000C601}9380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185991Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:41.968{E265CAAD-1CF5-60B6-9F91-02000000C601}14172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185983Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:41.703{E265CAAD-1CF5-60B6-9B91-02000000C601}12788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185977Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:41.429{E265CAAD-1CF5-60B6-9891-02000000C601}10260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185973Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:41.295{E265CAAD-1CF5-60B6-9691-02000000C601}4168C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185963Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:40.345{E265CAAD-1CF4-60B6-9191-02000000C601}12144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185961Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:40.260{E265CAAD-1CF4-60B6-9091-02000000C601}12116C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185951Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:39.571{E265CAAD-1CF3-60B6-8B91-02000000C601}13372C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185949Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:39.542{E265CAAD-1CF3-60B6-8A91-02000000C601}13356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185941Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:39.299{E265CAAD-1CF3-60B6-8691-02000000C601}7996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185933Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:38.793{E265CAAD-1CF2-60B6-8291-02000000C601}10580C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185927Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:38.192{E265CAAD-1CF2-60B6-7F91-02000000C601}4352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185925Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:38.084{E265CAAD-1CF2-60B6-7E91-02000000C601}5260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185919Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:37.807{E265CAAD-1CF1-60B6-7B91-02000000C601}6828C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185913Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:37.572{E265CAAD-1CF1-60B6-7891-02000000C601}12016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185907Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:37.155{E265CAAD-1CF1-60B6-7591-02000000C601}8760C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185901Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:36.839{E265CAAD-1CF0-60B6-7291-02000000C601}13484C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185895Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:36.412{E265CAAD-1CF0-60B6-6F91-02000000C601}4776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185889Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:35.435{E265CAAD-1CEF-60B6-6C91-02000000C601}6272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185883Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:34.848{E265CAAD-1CEE-60B6-6991-02000000C601}9192C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185877Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:34.342{E265CAAD-1CEE-60B6-6691-02000000C601}14260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001185871Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:33.628{E265CAAD-1CED-60B6-6391-02000000C601}5500C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184891Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:01.315{E265CAAD-1CCD-60B6-1D91-02000000C601}10956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184415Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:00.469{E265CAAD-1CCC-60B6-1991-02000000C601}6836C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184407Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:41:00.134{E265CAAD-1CCC-60B6-1591-02000000C601}7456C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184401Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:59.840{E265CAAD-1CCB-60B6-1291-02000000C601}6032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184395Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:59.692{E265CAAD-1CCB-60B6-0F91-02000000C601}3800C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184389Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:59.627{E265CAAD-1CCB-60B6-0C91-02000000C601}12916C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184383Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:59.508{E265CAAD-1CCB-60B6-0991-02000000C601}6608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184377Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:59.249{E265CAAD-1CCB-60B6-0691-02000000C601}13592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184371Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:59.206{E265CAAD-1CCB-60B6-0391-02000000C601}13864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184365Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:59.013{E265CAAD-1CCB-60B6-0091-02000000C601}9204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184359Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:58.821{E265CAAD-1CCA-60B6-FD90-02000000C601}5128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184353Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:58.418{E265CAAD-1CCA-60B6-FA90-02000000C601}8564C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184347Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:58.322{E265CAAD-1CCA-60B6-F790-02000000C601}13560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184341Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:58.106{E265CAAD-1CCA-60B6-F490-02000000C601}12616C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184335Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:58.004{E265CAAD-1CCA-60B6-F190-02000000C601}11128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184329Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:57.828{E265CAAD-1CC9-60B6-EE90-02000000C601}5908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184323Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:57.611{E265CAAD-1CC9-60B6-EB90-02000000C601}11740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184317Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:57.510{E265CAAD-1CC9-60B6-E890-02000000C601}10064C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184311Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:57.278{E265CAAD-1CC9-60B6-E590-02000000C601}5740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184305Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:57.200{E265CAAD-1CC9-60B6-E290-02000000C601}10780C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184299Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:57.132{E265CAAD-1CC9-60B6-DF90-02000000C601}9944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184280Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:56.737{E265CAAD-1CC8-60B6-DA90-02000000C601}9104C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184262Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:56.343{E265CAAD-1CC8-60B6-D490-02000000C601}1776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184246Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:55.970{E265CAAD-1CC7-60B6-CF90-02000000C601}10380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184230Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:55.584{E265CAAD-1CC7-60B6-CA90-02000000C601}4392C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184214Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:55.018{E265CAAD-1CC7-60B6-C590-02000000C601}9020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184193Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:53.963{E265CAAD-1CC5-60B6-BF90-02000000C601}7556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184182Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:53.821{E265CAAD-1CC5-60B6-BB90-02000000C601}6352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184166Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:53.550{E265CAAD-1CC5-60B6-B690-02000000C601}11628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184150Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:53.256{E265CAAD-1CC5-60B6-B190-02000000C601}1512C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184136Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:52.981{E265CAAD-1CC4-60B6-AD90-02000000C601}14092C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184125Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:52.751{E265CAAD-1CC4-60B6-A990-02000000C601}8380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184117Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:52.621{E265CAAD-1CC4-60B6-A590-02000000C601}6072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184101Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:52.048{E265CAAD-1CC4-60B6-A090-02000000C601}5624C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184090Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:51.884{E265CAAD-1CC3-60B6-9C90-02000000C601}12000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184076Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:51.632{E265CAAD-1CC3-60B6-9890-02000000C601}2508C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184063Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:51.300{E265CAAD-1CC3-60B6-9390-02000000C601}9608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184052Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:50.969{E265CAAD-1CC2-60B6-8F90-02000000C601}14056C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184041Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:50.671{E265CAAD-1CC2-60B6-8B90-02000000C601}4072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184027Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:50.473{E265CAAD-1CC2-60B6-8790-02000000C601}8632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001184014Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:49.826{E265CAAD-1CC1-60B6-8290-02000000C601}8908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183993Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:49.033{E265CAAD-1CC1-60B6-7C90-02000000C601}1692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183959Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:47.889{E265CAAD-1CBF-60B6-7490-02000000C601}12904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183933Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:47.435{E265CAAD-1CBF-60B6-6D90-02000000C601}7984C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183907Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:46.748{E265CAAD-1CBE-60B6-6690-02000000C601}13676C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183879Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:46.004{E265CAAD-1CBE-60B6-5E90-02000000C601}4548C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183858Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:44.968{E265CAAD-1CBC-60B6-5890-02000000C601}12724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183843Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:44.336{E265CAAD-1CBC-60B6-5290-02000000C601}5424C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183841Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:44.326{E265CAAD-1CBC-60B6-5190-02000000C601}10620C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183833Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:43.975{E265CAAD-1CBB-60B6-4D90-02000000C601}4348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183827Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:43.523{E265CAAD-1CBB-60B6-4A90-02000000C601}4112C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183823Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:43.244{E265CAAD-1CBB-60B6-4790-02000000C601}4768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183813Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:42.854{E265CAAD-1CBA-60B6-4390-02000000C601}2476C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183807Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:42.574{E265CAAD-1CBA-60B6-4090-02000000C601}13016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183801Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:42.122{E265CAAD-1CBA-60B6-3D90-02000000C601}184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183799Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:41.988{E265CAAD-1CB9-60B6-3C90-02000000C601}13604C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183793Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:41.745{E265CAAD-1CB9-60B6-3990-02000000C601}4432C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183783Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:41.209{E265CAAD-1CB9-60B6-3490-02000000C601}12412C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183777Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:40.859{E265CAAD-1CB8-60B6-3190-02000000C601}1668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183775Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:40.794{E265CAAD-1CB8-60B6-3090-02000000C601}9420C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183767Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:40.487{E265CAAD-1CB8-60B6-2C90-02000000C601}12356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183761Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:40.365{E265CAAD-1CB8-60B6-2990-02000000C601}10224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183753Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:40.138{E265CAAD-1CB8-60B6-2590-02000000C601}11536C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183751Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:39.965{E265CAAD-1CB7-60B6-2490-02000000C601}8400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183745Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:39.700{E265CAAD-1CB7-60B6-2190-02000000C601}13240C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183735Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:39.525{E265CAAD-1CB7-60B6-1C90-02000000C601}14264C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183733Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:39.454{E265CAAD-1CB7-60B6-1B90-02000000C601}8016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183723Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:38.815{E265CAAD-1CB6-60B6-1690-02000000C601}5108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183717Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:38.543{E265CAAD-1CB6-60B6-1390-02000000C601}2496C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183711Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:38.334{E265CAAD-1CB6-60B6-1090-02000000C601}11024C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183705Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:38.029{E265CAAD-1CB6-60B6-0D90-02000000C601}7988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183699Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:37.819{E265CAAD-1CB5-60B6-0A90-02000000C601}9440C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183693Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:37.562{E265CAAD-1CB5-60B6-0790-02000000C601}11688C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183687Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:37.291{E265CAAD-1CB5-60B6-0490-02000000C601}12716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183681Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:37.078{E265CAAD-1CB5-60B6-0190-02000000C601}13844C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183677Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:36.965{E265CAAD-1CB4-60B6-FF8F-02000000C601}10964C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183669Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:36.605{E265CAAD-1CB4-60B6-FB8F-02000000C601}6000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183667Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:36.565{E265CAAD-1CB4-60B6-FA8F-02000000C601}5228C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183657Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:36.245{E265CAAD-1CB4-60B6-F58F-02000000C601}12468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183655Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:36.205{E265CAAD-1CB4-60B6-F48F-02000000C601}9844C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183645Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:35.955{E265CAAD-1CB3-60B6-EF8F-02000000C601}12980C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183640Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:35.710{E265CAAD-1CB3-60B6-ED8F-02000000C601}12148C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183636Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:35.608{E265CAAD-1CB3-60B6-EB8F-02000000C601}6748C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183628Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:35.385{E265CAAD-1CB3-60B6-E78F-02000000C601}5944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183620Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:35.120{E265CAAD-1CB3-60B6-E38F-02000000C601}12140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183618Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:35.099{E265CAAD-1CB3-60B6-E28F-02000000C601}2404C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183610Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:34.764{E265CAAD-1CB2-60B6-DE8F-02000000C601}6992C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183604Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:34.064{E265CAAD-1CB2-60B6-DB8F-02000000C601}8300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-CBBE-60B5-930A-01000000C601}3804C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183600Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:33.934{E265CAAD-1CB1-60B6-D98F-02000000C601}13788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183594Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:33.258{E265CAAD-1CB1-60B6-D68F-02000000C601}6348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183588Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:32.878{E265CAAD-1CB0-60B6-D38F-02000000C601}9004C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183582Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:32.377{E265CAAD-1CB0-60B6-D08F-02000000C601}10732C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183576Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:31.872{E265CAAD-1CAF-60B6-CD8F-02000000C601}11584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183570Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:31.496{E265CAAD-1CAF-60B6-CA8F-02000000C601}5008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183564Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:31.232{E265CAAD-1CAF-60B6-C78F-02000000C601}11836C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183558Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:30.965{E265CAAD-1CAE-60B6-C48F-02000000C601}11920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183552Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:30.295{E265CAAD-1CAE-60B6-C18F-02000000C601}10596C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183546Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:30.035{E265CAAD-1CAE-60B6-BE8F-02000000C601}12932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183540Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:29.711{E265CAAD-1CAD-60B6-BB8F-02000000C601}2312C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183534Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:29.358{E265CAAD-1CAD-60B6-B88F-02000000C601}13948C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183527Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:28.844{E265CAAD-1CAC-60B6-B58F-02000000C601}8896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183521Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:28.640{E265CAAD-1CAC-60B6-B28F-02000000C601}9308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183515Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:28.368{E265CAAD-1CAC-60B6-AF8F-02000000C601}11352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183509Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:28.169{E265CAAD-1CAC-60B6-AC8F-02000000C601}6712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183503Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:27.879{E265CAAD-1CAB-60B6-A98F-02000000C601}11144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183497Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:27.575{E265CAAD-1CAB-60B6-A68F-02000000C601}7024C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183491Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:27.195{E265CAAD-1CAB-60B6-A38F-02000000C601}13480C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183485Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:25.925{E265CAAD-1CA9-60B6-A08F-02000000C601}4364C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183479Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:25.609{E265CAAD-1CA9-60B6-9D8F-02000000C601}7704C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183473Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:25.255{E265CAAD-1CA9-60B6-9A8F-02000000C601}4500C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183466Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:25.012{E265CAAD-1CA9-60B6-978F-02000000C601}12876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183460Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:24.682{E265CAAD-1CA8-60B6-948F-02000000C601}13232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183454Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:24.393{E265CAAD-1CA8-60B6-918F-02000000C601}7316C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183448Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:23.993{E265CAAD-1CA7-60B6-8E8F-02000000C601}9244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183442Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:23.448{E265CAAD-1CA7-60B6-8B8F-02000000C601}5536C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183436Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:23.023{E265CAAD-1CA7-60B6-888F-02000000C601}7788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183430Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:22.732{E265CAAD-1CA6-60B6-858F-02000000C601}11488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183424Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:22.479{E265CAAD-1CA6-60B6-828F-02000000C601}5888C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183418Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:22.201{E265CAAD-1CA6-60B6-7F8F-02000000C601}11548C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183412Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:21.875{E265CAAD-1CA5-60B6-7C8F-02000000C601}12012C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183406Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:21.465{E265CAAD-1CA5-60B6-798F-02000000C601}12580C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001183400Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:40:18.794{E265CAAD-1CA2-60B6-768F-02000000C601}14136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-856B-60B5-4442-00000000C601}9780C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182307Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:59.109{E265CAAD-1C53-60B6-278F-02000000C601}8128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182282Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:58.791{E265CAAD-1C52-60B6-208F-02000000C601}10652C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182253Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:58.415{E265CAAD-1C52-60B6-188F-02000000C601}3552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182222Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:58.128{E265CAAD-1C52-60B6-108F-02000000C601}11660C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182201Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:57.836{E265CAAD-1C51-60B6-0A8F-02000000C601}4528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182180Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:57.508{E265CAAD-1C51-60B6-048F-02000000C601}6292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182159Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:57.213{E265CAAD-1C51-60B6-FE8E-02000000C601}10028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182130Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:55.994{E265CAAD-1C4F-60B6-F68E-02000000C601}7816C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182092Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:55.590{E265CAAD-1C4F-60B6-ED8E-02000000C601}3500C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182073Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:55.355{E265CAAD-1C4F-60B6-E88E-02000000C601}6668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182062Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:55.185{E265CAAD-1C4F-60B6-E48E-02000000C601}6620C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182049Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:55.013{E265CAAD-1C4F-60B6-DF8E-02000000C601}12880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182038Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:54.865{E265CAAD-1C4E-60B6-DB8E-02000000C601}5924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182017Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:54.571{E265CAAD-1C4E-60B6-D58E-02000000C601}8400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001182001Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:54.411{E265CAAD-1C4E-60B6-D08E-02000000C601}12124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181980Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:54.181{E265CAAD-1C4E-60B6-CA8E-02000000C601}6820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181969Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:54.028{E265CAAD-1C4E-60B6-C68E-02000000C601}9728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181953Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:53.852{E265CAAD-1C4D-60B6-C18E-02000000C601}2856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181942Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:53.681{E265CAAD-1C4D-60B6-BD8E-02000000C601}7900C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181926Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:53.488{E265CAAD-1C4D-60B6-B88E-02000000C601}10648C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181915Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:53.329{E265CAAD-1C4D-60B6-B48E-02000000C601}8704C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181901Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:53.122{E265CAAD-1C4D-60B6-B08E-02000000C601}1228C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181893Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:52.984{E265CAAD-1C4C-60B6-AC8E-02000000C601}3692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181887Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:52.805{E265CAAD-1C4C-60B6-A98E-02000000C601}6196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181876Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:52.658{E265CAAD-1C4C-60B6-A58E-02000000C601}13328C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181866Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:52.478{E265CAAD-1C4C-60B6-A08E-02000000C601}10096C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181864Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:52.442{E265CAAD-1C4C-60B6-9F8E-02000000C601}10840C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181856Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:52.303{E265CAAD-1C4C-60B6-9B8E-02000000C601}10140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181850Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:52.187{E265CAAD-1C4C-60B6-988E-02000000C601}9020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181846Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:52.072{E265CAAD-1C4C-60B6-968E-02000000C601}11796C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181836Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:51.888{E265CAAD-1C4B-60B6-918E-02000000C601}10072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181834Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:51.881{E265CAAD-1C4B-60B6-908E-02000000C601}8244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181824Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:51.734{E265CAAD-1C4B-60B6-8B8E-02000000C601}10980C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181821Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:51.651{E265CAAD-1C4B-60B6-8A8E-02000000C601}10724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181812Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:51.522{E265CAAD-1C4B-60B6-858E-02000000C601}10308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181810Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:51.456{E265CAAD-1C4B-60B6-848E-02000000C601}4776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181800Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:51.194{E265CAAD-1C4B-60B6-7F8E-02000000C601}7084C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181796Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:51.133{E265CAAD-1C4B-60B6-7E8E-02000000C601}4492C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181787Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:50.901{E265CAAD-1C4A-60B6-798E-02000000C601}6140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181786Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:50.888{E265CAAD-1C4A-60B6-788E-02000000C601}6524C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181776Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:50.724{E265CAAD-1C4A-60B6-738E-02000000C601}10588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181774Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:50.681{E265CAAD-1C4A-60B6-728E-02000000C601}6984C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181766Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:50.481{E265CAAD-1C4A-60B6-6E8E-02000000C601}8024C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181758Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:50.365{E265CAAD-1C4A-60B6-6A8E-02000000C601}7248C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181756Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:50.355{E265CAAD-1C4A-60B6-698E-02000000C601}8516C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181746Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:50.184{E265CAAD-1C4A-60B6-648E-02000000C601}5164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181742Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:50.088{E265CAAD-1C4A-60B6-638E-02000000C601}6184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181724Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:49.921{E265CAAD-1C49-60B6-5E8E-02000000C601}14240C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181721Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:49.821{E265CAAD-1C49-60B6-5D8E-02000000C601}11412C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181716Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:49.668{E265CAAD-1C49-60B6-5A8E-02000000C601}3032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181710Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:49.478{E265CAAD-1C49-60B6-578E-02000000C601}4452C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181704Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:49.329{E265CAAD-1C49-60B6-548E-02000000C601}9304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181698Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:49.206{E265CAAD-1C49-60B6-518E-02000000C601}8064C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181692Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:48.999{E265CAAD-1C48-60B6-4E8E-02000000C601}3448C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181686Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:48.708{E265CAAD-1C48-60B6-4B8E-02000000C601}13828C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181676Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:47.401{E265CAAD-1C47-60B6-468E-02000000C601}8112C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181670Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:47.304{E265CAAD-1C47-60B6-438E-02000000C601}12944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181664Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:47.194{E265CAAD-1C47-60B6-408E-02000000C601}13648C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181658Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:47.028{E265CAAD-1C47-60B6-3D8E-02000000C601}6128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181652Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:46.811{E265CAAD-1C46-60B6-3A8E-02000000C601}12176C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181646Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:46.634{E265CAAD-1C46-60B6-378E-02000000C601}2912C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181640Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:46.451{E265CAAD-1C46-60B6-348E-02000000C601}11384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181638Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:46.440{E265CAAD-1C46-60B6-338E-02000000C601}6752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181627Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:46.278{E265CAAD-1C46-60B6-2E8E-02000000C601}7108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181621Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:46.168{E265CAAD-1C46-60B6-2B8E-02000000C601}8488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181619Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:46.164{E265CAAD-1C46-60B6-2A8E-02000000C601}11680C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181610Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.965{E265CAAD-1C45-60B6-268E-02000000C601}12820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181603Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.851{E265CAAD-1C45-60B6-228E-02000000C601}5448C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181601Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.807{E265CAAD-1C45-60B6-218E-02000000C601}2756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181593Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.738{E265CAAD-1C45-60B6-1D8E-02000000C601}7504C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181586Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.630{E265CAAD-1C45-60B6-1A8E-02000000C601}4372C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181579Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.511{E265CAAD-1C45-60B6-168E-02000000C601}3088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181577Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.505{E265CAAD-1C45-60B6-158E-02000000C601}3132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181569Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.350{E265CAAD-1C45-60B6-118E-02000000C601}9244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181562Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.248{E265CAAD-1C45-60B6-0E8E-02000000C601}4336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181555Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.143{E265CAAD-1C45-60B6-0A8E-02000000C601}13096C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181553Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.127{E265CAAD-1C45-60B6-098E-02000000C601}13392C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181545Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:45.028{E265CAAD-1C45-60B6-058E-02000000C601}5552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181537Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.881{E265CAAD-1C44-60B6-018E-02000000C601}4072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181533Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.793{E265CAAD-1C44-60B6-FF8D-02000000C601}12656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181529Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.765{E265CAAD-1C44-60B6-FD8D-02000000C601}13404C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181521Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.622{E265CAAD-1C44-60B6-F98D-02000000C601}3052C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181513Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.556{E265CAAD-1C44-60B6-F58D-02000000C601}10692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181511Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.511{E265CAAD-1C44-60B6-F38D-02000000C601}1080C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181505Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.451{E265CAAD-1C44-60B6-F18D-02000000C601}4540C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181495Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.303{E265CAAD-1C44-60B6-EC8D-02000000C601}12908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181491Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.239{E265CAAD-1C44-60B6-EA8D-02000000C601}11764C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181487Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.201{E265CAAD-1C44-60B6-E88D-02000000C601}1528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181480Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.136{E265CAAD-1C44-60B6-E58D-02000000C601}6480C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181473Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:44.038{E265CAAD-1C44-60B6-E18D-02000000C601}14020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181465Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.918{E265CAAD-1C43-60B6-DD8D-02000000C601}3120C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181461Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.874{E265CAAD-1C43-60B6-DB8D-02000000C601}4224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181457Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.818{E265CAAD-1C43-60B6-D98D-02000000C601}8344C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181449Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.742{E265CAAD-1C43-60B6-D58D-02000000C601}9596C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181441Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.622{E265CAAD-1C43-60B6-D18D-02000000C601}14224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181435Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.544{E265CAAD-1C43-60B6-CE8D-02000000C601}8276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181433Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.512{E265CAAD-1C43-60B6-CD8D-02000000C601}9656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181425Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.413{E265CAAD-1C43-60B6-C98D-02000000C601}3208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181417Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.299{E265CAAD-1C43-60B6-C58D-02000000C601}7788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181415Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.245{E265CAAD-1C43-60B6-C48D-02000000C601}3244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181407Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:43.105{E265CAAD-1C43-60B6-C08D-02000000C601}1692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181399Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:42.963{E265CAAD-1C42-60B6-BC8D-02000000C601}12284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181397Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:42.947{E265CAAD-1C42-60B6-BB8D-02000000C601}13344C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181391Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:42.831{E265CAAD-1C42-60B6-B88D-02000000C601}11904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181381Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:42.690{E265CAAD-1C42-60B6-B38D-02000000C601}1732C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181377Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:42.601{E265CAAD-1C42-60B6-B18D-02000000C601}9444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181373Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:42.542{E265CAAD-1C42-60B6-AF8D-02000000C601}11612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181363Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:42.378{E265CAAD-1C42-60B6-AA8D-02000000C601}11884C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181359Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:42.271{E265CAAD-1C42-60B6-A88D-02000000C601}4420C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181355Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:42.134{E265CAAD-1C42-60B6-A68D-02000000C601}11556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181345Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:41.883{E265CAAD-1C41-60B6-A18D-02000000C601}14256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181343Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:41.868{E265CAAD-1C41-60B6-A08D-02000000C601}3104C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181335Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:41.666{E265CAAD-1C41-60B6-9C8D-02000000C601}14072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181327Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:41.557{E265CAAD-1C41-60B6-988D-02000000C601}3652C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181325Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:41.489{E265CAAD-1C41-60B6-978D-02000000C601}13936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181317Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:41.358{E265CAAD-1C41-60B6-938D-02000000C601}8904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181309Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:41.149{E265CAAD-1C41-60B6-8F8D-02000000C601}11676C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181307Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:41.117{E265CAAD-1C41-60B6-8E8D-02000000C601}4316C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181298Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:41.008{E265CAAD-1C41-60B6-8A8D-02000000C601}12444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181290Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:40.887{E265CAAD-1C40-60B6-868D-02000000C601}4848C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181284Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:40.341{E265CAAD-1C40-60B6-838D-02000000C601}10784C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-120C-60B6-3A54-02000000C601}4220C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001181282Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:38:40.284{E265CAAD-1C40-60B6-828D-02000000C601}10896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-AF9D-60B5-F2AA-00000000C601}9248C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180402Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:39.634{E265CAAD-1C03-60B6-3C8D-02000000C601}10408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180396Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:39.505{E265CAAD-1C03-60B6-398D-02000000C601}13204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180390Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:39.354{E265CAAD-1C03-60B6-368D-02000000C601}12832C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180384Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:39.208{E265CAAD-1C03-60B6-338D-02000000C601}13704C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180378Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:39.074{E265CAAD-1C03-60B6-308D-02000000C601}14172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180372Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:38.951{E265CAAD-1C02-60B6-2D8D-02000000C601}9184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180366Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:38.841{E265CAAD-1C02-60B6-2A8D-02000000C601}6272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180360Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:38.694{E265CAAD-1C02-60B6-278D-02000000C601}11948C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180354Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:38.551{E265CAAD-1C02-60B6-248D-02000000C601}6908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180348Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:38.404{E265CAAD-1C02-60B6-218D-02000000C601}8168C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180342Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:38.245{E265CAAD-1C02-60B6-1E8D-02000000C601}12664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180336Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:38.121{E265CAAD-1C02-60B6-1B8D-02000000C601}10528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180330Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:37.978{E265CAAD-1C01-60B6-188D-02000000C601}8408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180324Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:37.857{E265CAAD-1C01-60B6-158D-02000000C601}13156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180318Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:37.695{E265CAAD-1C01-60B6-128D-02000000C601}6468C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180312Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:37.531{E265CAAD-1C01-60B6-0F8D-02000000C601}3184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180306Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:37.371{E265CAAD-1C01-60B6-0C8D-02000000C601}8096C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180300Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:37.211{E265CAAD-1C01-60B6-098D-02000000C601}9396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180294Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:37.024{E265CAAD-1C01-60B6-068D-02000000C601}12396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180288Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:36.913{E265CAAD-1C00-60B6-038D-02000000C601}9088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180282Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:36.773{E265CAAD-1C00-60B6-008D-02000000C601}7868C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180276Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:36.655{E265CAAD-1C00-60B6-FD8C-02000000C601}4996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180270Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:36.485{E265CAAD-1C00-60B6-FA8C-02000000C601}12216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180264Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:36.389{E265CAAD-1C00-60B6-F78C-02000000C601}3800C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180258Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:36.236{E265CAAD-1C00-60B6-F48C-02000000C601}13804C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180252Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:36.118{E265CAAD-1C00-60B6-F18C-02000000C601}6028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180246Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:35.997{E265CAAD-1BFF-60B6-EE8C-02000000C601}13992C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180240Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:35.901{E265CAAD-1BFF-60B6-EB8C-02000000C601}2208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180234Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:35.741{E265CAAD-1BFF-60B6-E88C-02000000C601}9848C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180228Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:35.515{E265CAAD-1BFF-60B6-E58C-02000000C601}5640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180222Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:35.294{E265CAAD-1BFF-60B6-E28C-02000000C601}9480C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180216Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:35.184{E265CAAD-1BFF-60B6-DF8C-02000000C601}2912C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180210Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:34.971{E265CAAD-1BFE-60B6-DC8C-02000000C601}6052C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180204Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:34.744{E265CAAD-1BFE-60B6-D98C-02000000C601}11968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180198Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:34.514{E265CAAD-1BFE-60B6-D68C-02000000C601}10772C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180192Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:34.324{E265CAAD-1BFE-60B6-D38C-02000000C601}12088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180186Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:34.154{E265CAAD-1BFE-60B6-D08C-02000000C601}7700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180180Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:33.913{E265CAAD-1BFD-60B6-CD8C-02000000C601}4600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180174Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:33.701{E265CAAD-1BFD-60B6-CA8C-02000000C601}7132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180168Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:33.527{E265CAAD-1BFD-60B6-C78C-02000000C601}8736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180162Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:33.294{E265CAAD-1BFD-60B6-C48C-02000000C601}11708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180156Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:33.117{E265CAAD-1BFD-60B6-C18C-02000000C601}4740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180150Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:32.912{E265CAAD-1BFC-60B6-BE8C-02000000C601}908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180144Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:32.704{E265CAAD-1BFC-60B6-BB8C-02000000C601}7504C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180138Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:32.505{E265CAAD-1BFC-60B6-B88C-02000000C601}8076C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180132Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:32.331{E265CAAD-1BFC-60B6-B58C-02000000C601}8308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180126Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:30.091{E265CAAD-1BFA-60B6-B28C-02000000C601}9500C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180120Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:29.911{E265CAAD-1BF9-60B6-AF8C-02000000C601}11716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180114Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:29.634{E265CAAD-1BF9-60B6-AC8C-02000000C601}10504C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180108Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:29.478{E265CAAD-1BF9-60B6-A98C-02000000C601}11696C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180102Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:29.293{E265CAAD-1BF9-60B6-A68C-02000000C601}9496C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180096Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:29.064{E265CAAD-1BF9-60B6-A38C-02000000C601}13208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180090Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:28.815{E265CAAD-1BF8-60B6-A08C-02000000C601}12720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180084Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:28.567{E265CAAD-1BF8-60B6-9D8C-02000000C601}10400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180078Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:28.408{E265CAAD-1BF8-60B6-9A8C-02000000C601}3976C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180072Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:28.167{E265CAAD-1BF8-60B6-978C-02000000C601}7632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180066Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:27.943{E265CAAD-1BF7-60B6-948C-02000000C601}3248C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180060Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:27.667{E265CAAD-1BF7-60B6-918C-02000000C601}11860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180054Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:27.454{E265CAAD-1BF7-60B6-8E8C-02000000C601}568C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180048Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:27.118{E265CAAD-1BF7-60B6-8B8C-02000000C601}6124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001180042Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:37:26.573{E265CAAD-1BF6-60B6-888C-02000000C601}1672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-5B40-60B5-C309-00000000C601}32C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179617Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:03.260{E265CAAD-1BA3-60B6-3D8C-02000000C601}5656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179611Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:03.134{E265CAAD-1BA3-60B6-3A8C-02000000C601}4796C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179605Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:03.016{E265CAAD-1BA3-60B6-378C-02000000C601}1528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179599Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:02.931{E265CAAD-1BA2-60B6-348C-02000000C601}10264C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179593Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:02.834{E265CAAD-1BA2-60B6-318C-02000000C601}4636C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179587Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:02.701{E265CAAD-1BA2-60B6-2E8C-02000000C601}4900C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179581Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:02.587{E265CAAD-1BA2-60B6-2B8C-02000000C601}13380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179575Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:02.450{E265CAAD-1BA2-60B6-288C-02000000C601}14016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179569Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:02.238{E265CAAD-1BA2-60B6-258C-02000000C601}12212C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179562Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:02.034{E265CAAD-1BA2-60B6-228C-02000000C601}13428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179555Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:01.814{E265CAAD-1BA1-60B6-1E8C-02000000C601}7324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179549Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:01.621{E265CAAD-1BA1-60B6-1B8C-02000000C601}4616C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179542Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:01.404{E265CAAD-1BA1-60B6-178C-02000000C601}10172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179536Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:01.181{E265CAAD-1BA1-60B6-148C-02000000C601}13104C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179530Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:00.957{E265CAAD-1BA0-60B6-118C-02000000C601}10920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179524Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:00.764{E265CAAD-1BA0-60B6-0E8C-02000000C601}12908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179518Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:00.607{E265CAAD-1BA0-60B6-0B8C-02000000C601}4536C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179512Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:00.441{E265CAAD-1BA0-60B6-088C-02000000C601}1228C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179506Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:00.210{E265CAAD-1BA0-60B6-058C-02000000C601}5856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179500Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:36:00.020{E265CAAD-1BA0-60B6-028C-02000000C601}9808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179494Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:59.807{E265CAAD-1B9F-60B6-FF8B-02000000C601}12588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179488Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:59.630{E265CAAD-1B9F-60B6-FC8B-02000000C601}3780C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179482Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:59.414{E265CAAD-1B9F-60B6-F98B-02000000C601}6708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179476Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:59.238{E265CAAD-1B9F-60B6-F68B-02000000C601}7640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179470Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:58.997{E265CAAD-1B9E-60B6-F38B-02000000C601}13856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179464Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:57.985{E265CAAD-1B9D-60B6-F08B-02000000C601}13612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179458Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:57.740{E265CAAD-1B9D-60B6-ED8B-02000000C601}13996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179452Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:57.560{E265CAAD-1B9D-60B6-EA8B-02000000C601}11820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179446Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:57.410{E265CAAD-1B9D-60B6-E78B-02000000C601}11284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179440Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:57.331{E265CAAD-1B9D-60B6-E48B-02000000C601}13512C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179434Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:57.214{E265CAAD-1B9D-60B6-E18B-02000000C601}13816C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179428Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:57.080{E265CAAD-1B9D-60B6-DE8B-02000000C601}10980C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179422Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:56.938{E265CAAD-1B9C-60B6-DB8B-02000000C601}8728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179416Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:56.731{E265CAAD-1B9C-60B6-D88B-02000000C601}7900C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179410Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:56.594{E265CAAD-1B9C-60B6-D58B-02000000C601}11508C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179404Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:56.485{E265CAAD-1B9C-60B6-D28B-02000000C601}11112C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179398Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:56.347{E265CAAD-1B9C-60B6-CF8B-02000000C601}9588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179392Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:56.231{E265CAAD-1B9C-60B6-CC8B-02000000C601}2856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179386Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:56.037{E265CAAD-1B9C-60B6-C98B-02000000C601}8776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179380Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:55.917{E265CAAD-1B9B-60B6-C68B-02000000C601}10940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179374Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:55.766{E265CAAD-1B9B-60B6-C38B-02000000C601}8832C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179368Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:55.525{E265CAAD-1B9B-60B6-C08B-02000000C601}14272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179362Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:55.294{E265CAAD-1B9B-60B6-BD8B-02000000C601}1324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179356Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:55.074{E265CAAD-1B9B-60B6-BA8B-02000000C601}13620C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179350Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:54.840{E265CAAD-1B9A-60B6-B78B-02000000C601}13748C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179344Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:54.603{E265CAAD-1B9A-60B6-B48B-02000000C601}12904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179338Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:54.397{E265CAAD-1B9A-60B6-B18B-02000000C601}2020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179332Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:54.227{E265CAAD-1B9A-60B6-AE8B-02000000C601}14224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179326Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:54.044{E265CAAD-1B9A-60B6-AB8B-02000000C601}11040C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179320Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:53.860{E265CAAD-1B99-60B6-A88B-02000000C601}12824C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179314Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:53.648{E265CAAD-1B99-60B6-A58B-02000000C601}4276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179308Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:53.477{E265CAAD-1B99-60B6-A28B-02000000C601}9592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179302Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:53.304{E265CAAD-1B99-60B6-9F8B-02000000C601}11152C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179296Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:53.098{E265CAAD-1B99-60B6-9C8B-02000000C601}10232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179290Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:52.900{E265CAAD-1B98-60B6-998B-02000000C601}6864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179284Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:52.791{E265CAAD-1B98-60B6-968B-02000000C601}10488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179278Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:52.624{E265CAAD-1B98-60B6-938B-02000000C601}6120C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179272Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:52.497{E265CAAD-1B98-60B6-908B-02000000C601}11608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179266Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:52.370{E265CAAD-1B98-60B6-8D8B-02000000C601}10256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179260Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:52.222{E265CAAD-1B98-60B6-8A8B-02000000C601}6300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001179254Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:35:51.606{E265CAAD-1B97-60B6-878B-02000000C601}2740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-F5EE-60B5-7FC0-01000000C601}2040C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178378Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:56.277{E265CAAD-1B60-60B6-338B-02000000C601}7572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178372Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:56.058{E265CAAD-1B60-60B6-308B-02000000C601}11804C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178365Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:55.837{E265CAAD-1B5F-60B6-2D8B-02000000C601}10716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178359Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:55.588{E265CAAD-1B5F-60B6-2A8B-02000000C601}13956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178353Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:55.391{E265CAAD-1B5F-60B6-278B-02000000C601}11392C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178347Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:55.143{E265CAAD-1B5F-60B6-248B-02000000C601}7936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178341Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:54.950{E265CAAD-1B5E-60B6-218B-02000000C601}5744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178335Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:54.788{E265CAAD-1B5E-60B6-1E8B-02000000C601}4960C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178329Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:54.583{E265CAAD-1B5E-60B6-1B8B-02000000C601}10228C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178323Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:54.396{E265CAAD-1B5E-60B6-188B-02000000C601}9616C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178317Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:54.227{E265CAAD-1B5E-60B6-158B-02000000C601}3460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178311Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:54.004{E265CAAD-1B5E-60B6-128B-02000000C601}8344C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178305Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:53.830{E265CAAD-1B5D-60B6-0F8B-02000000C601}12620C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178299Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:53.641{E265CAAD-1B5D-60B6-0C8B-02000000C601}776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178293Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:53.433{E265CAAD-1B5D-60B6-098B-02000000C601}9924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178287Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:53.241{E265CAAD-1B5D-60B6-068B-02000000C601}13736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178281Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:53.043{E265CAAD-1B5D-60B6-038B-02000000C601}7216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178275Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:52.827{E265CAAD-1B5C-60B6-008B-02000000C601}11556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178269Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:52.580{E265CAAD-1B5C-60B6-FD8A-02000000C601}9876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178263Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:52.327{E265CAAD-1B5C-60B6-FA8A-02000000C601}7020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178257Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:52.087{E265CAAD-1B5C-60B6-F78A-02000000C601}14116C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178251Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:51.807{E265CAAD-1B5B-60B6-F48A-02000000C601}284C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178245Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:51.580{E265CAAD-1B5B-60B6-F18A-02000000C601}10612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178239Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:51.370{E265CAAD-1B5B-60B6-EE8A-02000000C601}13924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178233Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:51.141{E265CAAD-1B5B-60B6-EB8A-02000000C601}13532C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178227Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:50.937{E265CAAD-1B5A-60B6-E88A-02000000C601}11304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178221Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:50.740{E265CAAD-1B5A-60B6-E58A-02000000C601}576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178215Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:50.537{E265CAAD-1B5A-60B6-E28A-02000000C601}11568C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178209Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:50.358{E265CAAD-1B5A-60B6-DF8A-02000000C601}12384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178203Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:50.231{E265CAAD-1B5A-60B6-DC8A-02000000C601}8976C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178197Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:49.963{E265CAAD-1B59-60B6-D98A-02000000C601}5052C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178191Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:49.764{E265CAAD-1B59-60B6-D68A-02000000C601}5692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178185Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:49.520{E265CAAD-1B59-60B6-D38A-02000000C601}4408C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178179Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:49.341{E265CAAD-1B59-60B6-D08A-02000000C601}6712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178173Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:49.224{E265CAAD-1B59-60B6-CD8A-02000000C601}5532C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178167Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:49.104{E265CAAD-1B59-60B6-CA8A-02000000C601}10672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178160Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:48.970{E265CAAD-1B58-60B6-C78A-02000000C601}6780C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178154Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:48.797{E265CAAD-1B58-60B6-C48A-02000000C601}9508C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178148Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:48.614{E265CAAD-1B58-60B6-C18A-02000000C601}11700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178142Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:48.444{E265CAAD-1B58-60B6-BE8A-02000000C601}10324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178136Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:48.314{E265CAAD-1B58-60B6-BB8A-02000000C601}7640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178130Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:48.164{E265CAAD-1B58-60B6-B88A-02000000C601}10136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178122Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:47.927{E265CAAD-1B57-60B6-B58A-02000000C601}10192C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178116Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:47.741{E265CAAD-1B57-60B6-B28A-02000000C601}10816C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178110Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:47.537{E265CAAD-1B57-60B6-AF8A-02000000C601}11124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178104Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:47.390{E265CAAD-1B57-60B6-AC8A-02000000C601}9552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178098Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:47.240{E265CAAD-1B57-60B6-A98A-02000000C601}8116C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178092Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:47.117{E265CAAD-1B57-60B6-A68A-02000000C601}4328C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178086Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:46.914{E265CAAD-1B56-60B6-A38A-02000000C601}3780C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178080Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:46.751{E265CAAD-1B56-60B6-A08A-02000000C601}13916C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178074Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:46.600{E265CAAD-1B56-60B6-9D8A-02000000C601}10428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178068Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:46.415{E265CAAD-1B56-60B6-9A8A-02000000C601}7324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178062Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:46.197{E265CAAD-1B56-60B6-978A-02000000C601}2840C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178056Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:46.043{E265CAAD-1B56-60B6-948A-02000000C601}9912C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178050Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:45.877{E265CAAD-1B55-60B6-918A-02000000C601}4244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178044Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:44.904{E265CAAD-1B54-60B6-8E8A-02000000C601}11628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178038Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:44.743{E265CAAD-1B54-60B6-8B8A-02000000C601}12856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178032Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:44.611{E265CAAD-1B54-60B6-888A-02000000C601}5424C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178026Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:44.446{E265CAAD-1B54-60B6-858A-02000000C601}10412C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178020Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:44.190{E265CAAD-1B54-60B6-828A-02000000C601}9388C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001178014Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:34:43.166{E265CAAD-1B53-60B6-7F8A-02000000C601}10720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-D9CE-60B5-C242-01000000C601}2504C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177509Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:58.455{E265CAAD-1B26-60B6-398A-02000000C601}12880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177503Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:58.302{E265CAAD-1B26-60B6-368A-02000000C601}1860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177497Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:58.183{E265CAAD-1B26-60B6-338A-02000000C601}8736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177491Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:58.054{E265CAAD-1B26-60B6-308A-02000000C601}13840C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177485Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:57.941{E265CAAD-1B25-60B6-2D8A-02000000C601}11248C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177479Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:57.824{E265CAAD-1B25-60B6-2A8A-02000000C601}13424C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177473Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:57.762{E265CAAD-1B25-60B6-278A-02000000C601}6072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177467Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:57.629{E265CAAD-1B25-60B6-248A-02000000C601}12088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177461Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:57.509{E265CAAD-1B25-60B6-218A-02000000C601}9164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177455Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:57.407{E265CAAD-1B25-60B6-1E8A-02000000C601}6608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177449Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:57.310{E265CAAD-1B25-60B6-1B8A-02000000C601}13788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177443Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:57.143{E265CAAD-1B25-60B6-188A-02000000C601}12456C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177437Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:57.007{E265CAAD-1B25-60B6-158A-02000000C601}11096C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177431Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:56.924{E265CAAD-1B24-60B6-128A-02000000C601}4768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177425Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:56.807{E265CAAD-1B24-60B6-0F8A-02000000C601}2208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177419Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:56.693{E265CAAD-1B24-60B6-0C8A-02000000C601}8916C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177413Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:56.603{E265CAAD-1B24-60B6-098A-02000000C601}2448C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177407Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:56.513{E265CAAD-1B24-60B6-068A-02000000C601}10344C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177401Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:56.416{E265CAAD-1B24-60B6-038A-02000000C601}9652C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177395Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:56.305{E265CAAD-1B24-60B6-008A-02000000C601}8416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177389Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:56.189{E265CAAD-1B24-60B6-FD89-02000000C601}1564C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177383Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:56.098{E265CAAD-1B24-60B6-FA89-02000000C601}8920C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177377Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:55.986{E265CAAD-1B23-60B6-F789-02000000C601}9560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177371Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:55.863{E265CAAD-1B23-60B6-F489-02000000C601}8808C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177365Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:55.767{E265CAAD-1B23-60B6-F189-02000000C601}7724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177359Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:55.678{E265CAAD-1B23-60B6-EE89-02000000C601}11716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177353Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:55.558{E265CAAD-1B23-60B6-EB89-02000000C601}4168C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177347Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:55.412{E265CAAD-1B23-60B6-E889-02000000C601}14156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177341Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:55.306{E265CAAD-1B23-60B6-E589-02000000C601}5380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177335Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:55.190{E265CAAD-1B23-60B6-E289-02000000C601}13396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177329Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:55.022{E265CAAD-1B23-60B6-DF89-02000000C601}5500C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177323Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:54.870{E265CAAD-1B22-60B6-DC89-02000000C601}2348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177317Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:54.751{E265CAAD-1B22-60B6-D989-02000000C601}9396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177311Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:53.374{E265CAAD-1B21-60B6-D689-02000000C601}11216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177305Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:53.285{E265CAAD-1B21-60B6-D389-02000000C601}10924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177298Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:53.144{E265CAAD-1B21-60B6-D089-02000000C601}4288C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177292Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:52.909{E265CAAD-1B20-60B6-CD89-02000000C601}11960C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177286Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:52.661{E265CAAD-1B20-60B6-CA89-02000000C601}12488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177280Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:52.459{E265CAAD-1B20-60B6-C789-02000000C601}11760C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177274Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:52.246{E265CAAD-1B20-60B6-C489-02000000C601}14324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177268Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:52.070{E265CAAD-1B20-60B6-C189-02000000C601}2144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177262Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:51.883{E265CAAD-1B1F-60B6-BE89-02000000C601}7492C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177256Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:51.630{E265CAAD-1B1F-60B6-BB89-02000000C601}5708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177250Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:51.403{E265CAAD-1B1F-60B6-B889-02000000C601}7204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177244Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:51.150{E265CAAD-1B1F-60B6-B589-02000000C601}9516C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177238Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:50.880{E265CAAD-1B1E-60B6-B289-02000000C601}1628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177232Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:50.717{E265CAAD-1B1E-60B6-AF89-02000000C601}12112C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177226Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:50.523{E265CAAD-1B1E-60B6-AC89-02000000C601}6880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177220Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:50.323{E265CAAD-1B1E-60B6-A989-02000000C601}2868C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177214Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:50.120{E265CAAD-1B1E-60B6-A689-02000000C601}7988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177198Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:49.950{E265CAAD-1B1D-60B6-A389-02000000C601}11080C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177192Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:49.751{E265CAAD-1B1D-60B6-A089-02000000C601}8900C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177186Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:49.564{E265CAAD-1B1D-60B6-9D89-02000000C601}9204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177180Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:49.310{E265CAAD-1B1D-60B6-9A89-02000000C601}12816C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177174Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:49.096{E265CAAD-1B1D-60B6-9789-02000000C601}3896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177168Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:48.840{E265CAAD-1B1C-60B6-9489-02000000C601}13184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177162Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:48.556{E265CAAD-1B1C-60B6-9189-02000000C601}12872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177156Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:48.384{E265CAAD-1B1C-60B6-8E89-02000000C601}9724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177150Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:48.227{E265CAAD-1B1C-60B6-8B89-02000000C601}3720C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177144Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:48.033{E265CAAD-1B1C-60B6-8889-02000000C601}12300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001177138Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:47.293{E265CAAD-1B1B-60B6-8589-02000000C601}13048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-937B-60B5-D360-00000000C601}4948C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175691Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:12.353{E265CAAD-1AF8-60B6-4489-02000000C601}9072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175685Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:11.948{E265CAAD-1AF7-60B6-4189-02000000C601}8080C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175679Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:11.653{E265CAAD-1AF7-60B6-3E89-02000000C601}11876C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175648Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:10.538{E265CAAD-1AF6-60B6-3689-02000000C601}13536C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175625Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:10.198{E265CAAD-1AF6-60B6-3089-02000000C601}13100C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175603Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:09.940{E265CAAD-1AF5-60B6-2A89-02000000C601}2424C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175572Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:09.597{E265CAAD-1AF5-60B6-2289-02000000C601}4764C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175554Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:09.376{E265CAAD-1AF5-60B6-1C89-02000000C601}4592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175538Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:09.100{E265CAAD-1AF5-60B6-1789-02000000C601}5716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175517Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:08.794{E265CAAD-1AF4-60B6-1189-02000000C601}9164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175493Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:08.415{E265CAAD-1AF4-60B6-0B89-02000000C601}3212C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175470Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:08.083{E265CAAD-1AF4-60B6-0489-02000000C601}1936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175451Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:07.814{E265CAAD-1AF3-60B6-FF88-02000000C601}12132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175438Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:07.434{E265CAAD-1AF3-60B6-FA88-02000000C601}13900C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175420Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:06.729{E265CAAD-1AF2-60B6-F388-02000000C601}5632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175393Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:06.104{E265CAAD-1AF2-60B6-EB88-02000000C601}7584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175378Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:05.743{E265CAAD-1AF1-60B6-E688-02000000C601}14228C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175365Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:05.599{E265CAAD-1AF1-60B6-E188-02000000C601}6116C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175349Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:05.309{E265CAAD-1AF1-60B6-DC88-02000000C601}6508C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175332Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:05.104{E265CAAD-1AF1-60B6-D688-02000000C601}8164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175313Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:04.911{E265CAAD-1AF0-60B6-D188-02000000C601}8460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175300Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:04.723{E265CAAD-1AF0-60B6-CC88-02000000C601}5224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175286Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:04.407{E265CAAD-1AF0-60B6-C888-02000000C601}10956C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175270Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:04.090{E265CAAD-1AF0-60B6-C388-02000000C601}1664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175257Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:03.859{E265CAAD-1AEF-60B6-BE88-02000000C601}6072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175251Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:03.706{E265CAAD-1AEF-60B6-BB88-02000000C601}11988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175240Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:03.473{E265CAAD-1AEF-60B6-B788-02000000C601}10700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175228Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:03.286{E265CAAD-1AEF-60B6-B288-02000000C601}11384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175227Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:03.276{E265CAAD-1AEF-60B6-B188-02000000C601}6272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175219Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:03.123{E265CAAD-1AEF-60B6-AD88-02000000C601}12272C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175210Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:03.018{E265CAAD-1AEF-60B6-A988-02000000C601}8260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175206Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:02.960{E265CAAD-1AEE-60B6-A788-02000000C601}2016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175201Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:02.893{E265CAAD-1AEE-60B6-A588-02000000C601}11800C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175192Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:02.730{E265CAAD-1AEE-60B6-A088-02000000C601}10396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175190Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:02.726{E265CAAD-1AEE-60B6-9F88-02000000C601}11276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175182Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:02.623{E265CAAD-1AEE-60B6-9B88-02000000C601}7632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175176Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:02.512{E265CAAD-1AEE-60B6-9888-02000000C601}8140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175172Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:02.480{E265CAAD-1AEE-60B6-9688-02000000C601}7200C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175161Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:02.100{E265CAAD-1AEE-60B6-9088-02000000C601}10340C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175159Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:02.070{E265CAAD-1AEE-60B6-8F88-02000000C601}12880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175153Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:01.855{E265CAAD-1AED-60B6-8C88-02000000C601}4300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175142Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:01.548{E265CAAD-1AED-60B6-8688-02000000C601}12856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175140Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:01.521{E265CAAD-1AED-60B6-8588-02000000C601}11532C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175130Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:01.336{E265CAAD-1AED-60B6-8088-02000000C601}3692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175128Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:01.310{E265CAAD-1AED-60B6-7F88-02000000C601}12820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175120Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:01.171{E265CAAD-1AED-60B6-7B88-02000000C601}11944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175112Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:01.044{E265CAAD-1AED-60B6-7788-02000000C601}10428C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175110Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:01.028{E265CAAD-1AED-60B6-7688-02000000C601}5472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175100Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.855{E265CAAD-1AEC-60B6-7188-02000000C601}14028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175098Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.840{E265CAAD-1AEC-60B6-7088-02000000C601}12692C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175088Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.733{E265CAAD-1AEC-60B6-6B88-02000000C601}4252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175086Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.687{E265CAAD-1AEC-60B6-6A88-02000000C601}2252C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175076Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.557{E265CAAD-1AEC-60B6-6588-02000000C601}11696C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175074Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.550{E265CAAD-1AEC-60B6-6488-02000000C601}456C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175064Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.417{E265CAAD-1AEC-60B6-5F88-02000000C601}10328C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175062Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.411{E265CAAD-1AEC-60B6-5E88-02000000C601}8988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175052Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.327{E265CAAD-1AEC-60B6-5988-02000000C601}1600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175048Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.253{E265CAAD-1AEC-60B6-5788-02000000C601}11828C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175040Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.156{E265CAAD-1AEC-60B6-5388-02000000C601}12420C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175036Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:33:00.117{E265CAAD-1AEC-60B6-5188-02000000C601}4936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175028Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.976{E265CAAD-1AEB-60B6-4D88-02000000C601}13716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175026Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.956{E265CAAD-1AEB-60B6-4C88-02000000C601}14232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175016Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.820{E265CAAD-1AEB-60B6-4788-02000000C601}12396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175014Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.794{E265CAAD-1AEB-60B6-4688-02000000C601}13776C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175006Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.710{E265CAAD-1AEB-60B6-4288-02000000C601}8880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001175000Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.601{E265CAAD-1AEB-60B6-3F88-02000000C601}9932C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174994Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.546{E265CAAD-1AEB-60B6-3C88-02000000C601}14044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174988Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.450{E265CAAD-1AEB-60B6-3988-02000000C601}13544C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174982Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.394{E265CAAD-1AEB-60B6-3688-02000000C601}12716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174976Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.310{E265CAAD-1AEB-60B6-3388-02000000C601}7068C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174968Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.169{E265CAAD-1AEB-60B6-2F88-02000000C601}5672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174966Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:59.140{E265CAAD-1AEB-60B6-2E88-02000000C601}5768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174956Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:58.946{E265CAAD-1AEA-60B6-2988-02000000C601}13292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174954Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:58.943{E265CAAD-1AEA-60B6-2888-02000000C601}10388C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174943Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:58.736{E265CAAD-1AEA-60B6-2388-02000000C601}7744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174942Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:58.730{E265CAAD-1AEA-60B6-2288-02000000C601}7996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174936Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:58.600{E265CAAD-1AEA-60B6-1F88-02000000C601}11248C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174930Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:58.491{E265CAAD-1AEA-60B6-1C88-02000000C601}996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174924Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:58.130{E265CAAD-1AEA-60B6-1988-02000000C601}14332C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174916Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:56.663{E265CAAD-1AE8-60B6-1588-02000000C601}9048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174910Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:56.496{E265CAAD-1AE8-60B6-1288-02000000C601}7432C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174904Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:56.309{E265CAAD-1AE8-60B6-0F88-02000000C601}11268C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174898Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:56.093{E265CAAD-1AE8-60B6-0C88-02000000C601}12280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174892Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:55.962{E265CAAD-1AE7-60B6-0988-02000000C601}14288C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174886Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:55.597{E265CAAD-1AE7-60B6-0688-02000000C601}9396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174880Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:55.380{E265CAAD-1AE7-60B6-0388-02000000C601}5220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174874Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:55.146{E265CAAD-1AE7-60B6-0088-02000000C601}10320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174868Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:54.920{E265CAAD-1AE6-60B6-FD87-02000000C601}4548C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174862Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:54.773{E265CAAD-1AE6-60B6-FA87-02000000C601}13652C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174856Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:54.020{E265CAAD-1AE6-60B6-F787-02000000C601}12248C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174847Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:53.476{E265CAAD-1AE5-60B6-F387-02000000C601}4172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174846Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:53.463{E265CAAD-1AE5-60B6-F287-02000000C601}7076C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174838Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:53.275{E265CAAD-1AE5-60B6-EE87-02000000C601}8164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174830Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:53.084{E265CAAD-1AE5-60B6-EA87-02000000C601}10544C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174826Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:52.906{E265CAAD-1AE4-60B6-E887-02000000C601}9192C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174820Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:52.813{E265CAAD-1AE4-60B6-E587-02000000C601}3564C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174812Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:52.603{E265CAAD-1AE4-60B6-E187-02000000C601}9196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174810Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:52.571{E265CAAD-1AE4-60B6-E087-02000000C601}3664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174800Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:52.332{E265CAAD-1AE4-60B6-DB87-02000000C601}3456C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174798Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:52.243{E265CAAD-1AE4-60B6-DA87-02000000C601}6424C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174788Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:51.912{E265CAAD-1AE3-60B6-D587-02000000C601}9664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174786Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:51.823{E265CAAD-1AE3-60B6-D487-02000000C601}14224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174776Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:51.408{E265CAAD-1AE3-60B6-CF87-02000000C601}10612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174772Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:51.365{E265CAAD-1AE3-60B6-CD87-02000000C601}5464C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174766Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:51.215{E265CAAD-1AE3-60B6-CA87-02000000C601}11640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174760Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:50.939{E265CAAD-1AE2-60B6-C787-02000000C601}5416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174752Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:50.564{E265CAAD-1AE2-60B6-C387-02000000C601}12464C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174746Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:50.139{E265CAAD-1AE2-60B6-C087-02000000C601}4520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174744Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:50.096{E265CAAD-1AE2-60B6-BF87-02000000C601}7048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-BDC1-60B5-0DD9-00000000C601}10008C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174738Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:49.713{E265CAAD-1AE1-60B6-BC87-02000000C601}13616C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174732Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:49.283{E265CAAD-1AE1-60B6-B987-02000000C601}14136C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174726Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:48.980{E265CAAD-1AE0-60B6-B687-02000000C601}13316C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174720Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:48.584{E265CAAD-1AE0-60B6-B387-02000000C601}520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174714Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:48.370{E265CAAD-1AE0-60B6-B087-02000000C601}10232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174708Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:48.173{E265CAAD-1AE0-60B6-AD87-02000000C601}11812C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174702Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:48.004{E265CAAD-1AE0-60B6-AA87-02000000C601}10044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174696Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:47.860{E265CAAD-1ADF-60B6-A787-02000000C601}2952C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174690Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:47.704{E265CAAD-1ADF-60B6-A487-02000000C601}12836C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174684Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:47.289{E265CAAD-1ADF-60B6-A187-02000000C601}13464C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174678Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:46.649{E265CAAD-1ADE-60B6-9E87-02000000C601}4580C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174672Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:45.411{E265CAAD-1ADD-60B6-9B87-02000000C601}14128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174666Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:43.325{E265CAAD-1ADB-60B6-9887-02000000C601}8592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-03FA-60B6-F308-02000000C601}11992C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174257Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:21.180{E265CAAD-1AC5-60B6-5987-02000000C601}2232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174251Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:21.055{E265CAAD-1AC5-60B6-5687-02000000C601}184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174245Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:20.895{E265CAAD-1AC4-60B6-5387-02000000C601}8552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174239Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:20.697{E265CAAD-1AC4-60B6-5087-02000000C601}11160C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174233Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:20.136{E265CAAD-1AC4-60B6-4D87-02000000C601}11628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174227Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:19.949{E265CAAD-1AC3-60B6-4A87-02000000C601}6768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174221Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:19.803{E265CAAD-1AC3-60B6-4787-02000000C601}9232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174215Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:19.626{E265CAAD-1AC3-60B6-4487-02000000C601}11872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174209Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:19.487{E265CAAD-1AC3-60B6-4187-02000000C601}1600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174203Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:19.340{E265CAAD-1AC3-60B6-3E87-02000000C601}8472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174197Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:19.206{E265CAAD-1AC3-60B6-3B87-02000000C601}4180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174191Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:19.104{E265CAAD-1AC3-60B6-3887-02000000C601}5976C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174185Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:18.970{E265CAAD-1AC2-60B6-3587-02000000C601}3860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174179Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:18.763{E265CAAD-1AC2-60B6-3287-02000000C601}11592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174173Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:18.645{E265CAAD-1AC2-60B6-2F87-02000000C601}8988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174167Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:18.456{E265CAAD-1AC2-60B6-2C87-02000000C601}8832C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174161Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:18.236{E265CAAD-1AC2-60B6-2987-02000000C601}8156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174155Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:18.086{E265CAAD-1AC2-60B6-2687-02000000C601}8324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174149Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:17.961{E265CAAD-1AC1-60B6-2387-02000000C601}11820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174143Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:17.786{E265CAAD-1AC1-60B6-2087-02000000C601}14220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174137Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:16.226{E265CAAD-1AC0-60B6-1D87-02000000C601}11572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174131Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:16.043{E265CAAD-1AC0-60B6-1A87-02000000C601}1324C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174125Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:15.922{E265CAAD-1ABF-60B6-1787-02000000C601}9304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174119Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:15.630{E265CAAD-1ABF-60B6-1487-02000000C601}13696C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174113Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:15.423{E265CAAD-1ABF-60B6-1187-02000000C601}7672C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174107Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:15.199{E265CAAD-1ABF-60B6-0E87-02000000C601}13896C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174101Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:14.987{E265CAAD-1ABE-60B6-0B87-02000000C601}1752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174095Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:14.800{E265CAAD-1ABE-60B6-0887-02000000C601}12784C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174089Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:14.627{E265CAAD-1ABE-60B6-0587-02000000C601}10664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174083Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:13.679{E265CAAD-1ABD-60B6-0287-02000000C601}4144C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174077Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:13.429{E265CAAD-1ABD-60B6-FF86-02000000C601}8580C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174071Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:13.251{E265CAAD-1ABD-60B6-FC86-02000000C601}6424C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174065Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:13.114{E265CAAD-1ABD-60B6-F986-02000000C601}8736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174059Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:12.972{E265CAAD-1ABC-60B6-F686-02000000C601}9204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174053Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:12.844{E265CAAD-1ABC-60B6-F386-02000000C601}4612C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174047Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:12.726{E265CAAD-1ABC-60B6-F086-02000000C601}10444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174041Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:12.586{E265CAAD-1ABC-60B6-ED86-02000000C601}8108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174035Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:12.436{E265CAAD-1ABC-60B6-EA86-02000000C601}4076C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174029Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:12.290{E265CAAD-1ABC-60B6-E786-02000000C601}856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174023Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:12.143{E265CAAD-1ABC-60B6-E486-02000000C601}4196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174017Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:12.000{E265CAAD-1ABC-60B6-E186-02000000C601}11476C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174011Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:11.869{E265CAAD-1ABB-60B6-DE86-02000000C601}5648C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001174005Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:11.689{E265CAAD-1ABB-60B6-DB86-02000000C601}14208C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173999Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:11.414{E265CAAD-1ABB-60B6-D886-02000000C601}12840C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173993Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:11.133{E265CAAD-1ABB-60B6-D586-02000000C601}6488C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173987Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:10.876{E265CAAD-1ABA-60B6-D286-02000000C601}11064C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173981Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:10.739{E265CAAD-1ABA-60B6-CF86-02000000C601}6072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173975Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:10.613{E265CAAD-1ABA-60B6-CC86-02000000C601}10300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173969Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:10.362{E265CAAD-1ABA-60B6-C986-02000000C601}11444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173963Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:10.115{E265CAAD-1ABA-60B6-C686-02000000C601}3024C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173957Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:09.846{E265CAAD-1AB9-60B6-C386-02000000C601}13336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173951Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:09.536{E265CAAD-1AB9-60B6-C086-02000000C601}712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173945Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:09.307{E265CAAD-1AB9-60B6-BD86-02000000C601}2856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173939Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:09.174{E265CAAD-1AB9-60B6-BA86-02000000C601}3280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173933Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:09.037{E265CAAD-1AB9-60B6-B786-02000000C601}10052C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173927Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:08.880{E265CAAD-1AB8-60B6-B486-02000000C601}10472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173921Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:08.713{E265CAAD-1AB8-60B6-B186-02000000C601}10352C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173915Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:08.493{E265CAAD-1AB8-60B6-AE86-02000000C601}6856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173909Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:08.229{E265CAAD-1AB8-60B6-AB86-02000000C601}3172C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173903Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:07.917{E265CAAD-1AB7-60B6-A886-02000000C601}9196C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173896Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:32:07.165{E265CAAD-1AB7-60B6-A486-02000000C601}12520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-6949-60B5-3317-00000000C601}1188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173483Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:50.683{E265CAAD-1AA6-60B6-5F86-02000000C601}4872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173477Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:50.476{E265CAAD-1AA6-60B6-5C86-02000000C601}10316C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173471Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:50.016{E265CAAD-1AA6-60B6-5986-02000000C601}13860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173465Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:49.667{E265CAAD-1AA5-60B6-5686-02000000C601}6124C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173459Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:49.373{E265CAAD-1AA5-60B6-5386-02000000C601}6000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173453Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:49.035{E265CAAD-1AA5-60B6-5086-02000000C601}7472C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173447Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:48.629{E265CAAD-1AA4-60B6-4D86-02000000C601}5372C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173441Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:48.373{E265CAAD-1AA4-60B6-4A86-02000000C601}14232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173435Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:48.084{E265CAAD-1AA4-60B6-4786-02000000C601}11796C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173429Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:47.753{E265CAAD-1AA3-60B6-4486-02000000C601}14028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173423Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:47.496{E265CAAD-1AA3-60B6-4186-02000000C601}9548C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173417Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:47.190{E265CAAD-1AA3-60B6-3E86-02000000C601}996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173411Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:46.881{E265CAAD-1AA2-60B6-3B86-02000000C601}12532C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173405Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:46.603{E265CAAD-1AA2-60B6-3886-02000000C601}7756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173399Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:46.329{E265CAAD-1AA2-60B6-3586-02000000C601}8188C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173289Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:45.816{E265CAAD-1AA1-60B6-3286-02000000C601}7996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173283Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:45.485{E265CAAD-1AA1-60B6-2F86-02000000C601}4996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001173277Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:45.173{E265CAAD-1AA1-60B6-2C86-02000000C601}13744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172798Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:44.539{E265CAAD-1AA0-60B6-2886-02000000C601}10520C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172790Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:44.284{E265CAAD-1AA0-60B6-2486-02000000C601}4356C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172784Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:44.042{E265CAAD-1AA0-60B6-2186-02000000C601}4700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172778Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:43.823{E265CAAD-1A9F-60B6-1E86-02000000C601}7248C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172772Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:43.507{E265CAAD-1A9F-60B6-1B86-02000000C601}2492C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172766Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:43.233{E265CAAD-1A9F-60B6-1886-02000000C601}13820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172760Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:42.954{E265CAAD-1A9E-60B6-1586-02000000C601}11912C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172754Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:42.672{E265CAAD-1A9E-60B6-1286-02000000C601}6704C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172748Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:42.271{E265CAAD-1A9E-60B6-0F86-02000000C601}13192C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172719Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:41.969{E265CAAD-1A9D-60B6-0886-02000000C601}2300C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172688Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:41.675{E265CAAD-1A9D-60B6-0086-02000000C601}7744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172667Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:41.230{E265CAAD-1A9D-60B6-FA85-02000000C601}4336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172595Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:39.547{E265CAAD-1A9B-60B6-EA85-02000000C601}9412C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172574Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:39.250{E265CAAD-1A9B-60B6-E485-02000000C601}9016C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172556Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:39.003{E265CAAD-1A9B-60B6-DE85-02000000C601}12952C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172535Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:38.693{E265CAAD-1A9A-60B6-D885-02000000C601}9244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172509Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:38.347{E265CAAD-1A9A-60B6-D185-02000000C601}10500C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172483Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:38.047{E265CAAD-1A9A-60B6-CA85-02000000C601}9988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172467Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:37.783{E265CAAD-1A99-60B6-C585-02000000C601}11668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172448Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:37.564{E265CAAD-1A99-60B6-C085-02000000C601}5184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172432Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:37.293{E265CAAD-1A99-60B6-BB85-02000000C601}13588C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172411Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:37.038{E265CAAD-1A99-60B6-B585-02000000C601}9232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172395Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:36.798{E265CAAD-1A98-60B6-B085-02000000C601}12668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172372Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:36.478{E265CAAD-1A98-60B6-A985-02000000C601}8388C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172361Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:36.246{E265CAAD-1A98-60B6-A585-02000000C601}3032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172351Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:36.106{E265CAAD-1A98-60B6-A085-02000000C601}8688C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172349Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:36.053{E265CAAD-1A98-60B6-9F85-02000000C601}744C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172339Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.917{E265CAAD-1A97-60B6-9A85-02000000C601}2540C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172337Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.890{E265CAAD-1A97-60B6-9985-02000000C601}2204C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172329Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.788{E265CAAD-1A97-60B6-9585-02000000C601}13572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172323Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.721{E265CAAD-1A97-60B6-9285-02000000C601}6216C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172317Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.656{E265CAAD-1A97-60B6-8F85-02000000C601}1080C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172309Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.576{E265CAAD-1A97-60B6-8B85-02000000C601}5656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172305Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.529{E265CAAD-1A97-60B6-8985-02000000C601}9008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172297Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.426{E265CAAD-1A97-60B6-8585-02000000C601}12864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172295Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.413{E265CAAD-1A97-60B6-8485-02000000C601}8380C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172285Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.248{E265CAAD-1A97-60B6-7F85-02000000C601}10860C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172283Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.236{E265CAAD-1A97-60B6-7E85-02000000C601}10644C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172273Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:35.019{E265CAAD-1A97-60B6-7985-02000000C601}14116C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172271Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.989{E265CAAD-1A96-60B6-7885-02000000C601}13680C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172263Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.906{E265CAAD-1A96-60B6-7485-02000000C601}10556C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172257Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.849{E265CAAD-1A96-60B6-7185-02000000C601}11824C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172253Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.792{E265CAAD-1A96-60B6-6F85-02000000C601}5868C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172243Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.650{E265CAAD-1A96-60B6-6A85-02000000C601}9576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172239Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.559{E265CAAD-1A96-60B6-6885-02000000C601}11548C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172234Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.530{E265CAAD-1A96-60B6-6685-02000000C601}1664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172226Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.429{E265CAAD-1A96-60B6-6285-02000000C601}6320C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172218Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.334{E265CAAD-1A96-60B6-5E85-02000000C601}5904C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172214Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.239{E265CAAD-1A96-60B6-5C85-02000000C601}6768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172210Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.180{E265CAAD-1A96-60B6-5A85-02000000C601}7200C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172202Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:34.106{E265CAAD-1A96-60B6-5685-02000000C601}7280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172194Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:33.979{E265CAAD-1A95-60B6-5285-02000000C601}3160C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172192Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:33.916{E265CAAD-1A95-60B6-5185-02000000C601}3560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172182Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:33.743{E265CAAD-1A95-60B6-4C85-02000000C601}7528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172178Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:33.692{E265CAAD-1A95-60B6-4A85-02000000C601}7432C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172174Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:33.645{E265CAAD-1A95-60B6-4885-02000000C601}10576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172164Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:33.504{E265CAAD-1A95-60B6-4385-02000000C601}4244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172162Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:33.465{E265CAAD-1A95-60B6-4285-02000000C601}14032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172154Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:33.277{E265CAAD-1A95-60B6-3E85-02000000C601}12336C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172148Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:33.209{E265CAAD-1A95-60B6-3B85-02000000C601}5108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172140Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:32.993{E265CAAD-1A94-60B6-3785-02000000C601}12384C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172138Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:32.977{E265CAAD-1A94-60B6-3685-02000000C601}11872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172128Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:32.766{E265CAAD-1A94-60B6-3185-02000000C601}2640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172126Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:32.742{E265CAAD-1A94-60B6-3085-02000000C601}13188C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172115Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:32.336{E265CAAD-1A94-60B6-2B85-02000000C601}8800C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172113Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:32.309{E265CAAD-1A94-60B6-2A85-02000000C601}2792C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172105Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:32.073{E265CAAD-1A94-60B6-2685-02000000C601}9752C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172097Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:31.839{E265CAAD-1A93-60B6-2285-02000000C601}10052C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172093Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:31.705{E265CAAD-1A93-60B6-2085-02000000C601}10560C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-775A-60B5-5A2A-00000000C601}6188C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172087Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:31.486{E265CAAD-1A93-60B6-1E85-02000000C601}3656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172081Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:31.162{E265CAAD-1A93-60B6-1B85-02000000C601}3232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172075Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:30.879{E265CAAD-1A92-60B6-1885-02000000C601}9584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172069Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:30.571{E265CAAD-1A92-60B6-1585-02000000C601}12492C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172063Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:30.279{E265CAAD-1A92-60B6-1285-02000000C601}4584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172057Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:29.797{E265CAAD-1A91-60B6-0F85-02000000C601}14000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172051Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:29.380{E265CAAD-1A91-60B6-0C85-02000000C601}6676C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172045Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:28.833{E265CAAD-1A90-60B6-0985-02000000C601}12992C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172039Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:28.663{E265CAAD-1A90-60B6-0685-02000000C601}11140C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172033Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:28.250{E265CAAD-1A90-60B6-0385-02000000C601}4724C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172027Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:28.035{E265CAAD-1A90-60B6-0085-02000000C601}13132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172021Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:22.803{E265CAAD-1A8A-60B6-FD84-02000000C601}8412C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172015Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:22.680{E265CAAD-1A8A-60B6-FA84-02000000C601}12256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172009Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:22.540{E265CAAD-1A8A-60B6-F784-02000000C601}11940C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001172003Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:22.434{E265CAAD-1A8A-60B6-F484-02000000C601}9632C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171997Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:22.182{E265CAAD-1A8A-60B6-F184-02000000C601}10784C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171991Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:22.057{E265CAAD-1A8A-60B6-EE84-02000000C601}2448C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171984Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:21.899{E265CAAD-1A89-60B6-EB84-02000000C601}14040C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171978Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:21.739{E265CAAD-1A89-60B6-E884-02000000C601}212C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171972Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:21.607{E265CAAD-1A89-60B6-E584-02000000C601}14084C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171966Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:21.443{E265CAAD-1A89-60B6-E284-02000000C601}11536C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171960Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:21.333{E265CAAD-1A89-60B6-DF84-02000000C601}11256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171954Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:21.120{E265CAAD-1A89-60B6-DC84-02000000C601}5872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171948Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:20.967{E265CAAD-1A88-60B6-D984-02000000C601}12260C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171942Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:20.867{E265CAAD-1A88-60B6-D684-02000000C601}9596C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171936Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:20.416{E265CAAD-1A88-60B6-D384-02000000C601}5716C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171930Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:20.098{E265CAAD-1A88-60B6-D084-02000000C601}12308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171924Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:19.949{E265CAAD-1A87-60B6-CD84-02000000C601}12584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171918Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:19.689{E265CAAD-1A87-60B6-CA84-02000000C601}7504C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171912Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:19.543{E265CAAD-1A87-60B6-C784-02000000C601}13572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171906Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:19.380{E265CAAD-1A87-60B6-C484-02000000C601}7156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171900Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:19.187{E265CAAD-1A87-60B6-C184-02000000C601}11768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171894Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:19.022{E265CAAD-1A87-60B6-BE84-02000000C601}4156C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171888Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:18.746{E265CAAD-1A86-60B6-BB84-02000000C601}4496C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001171882Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:17.945{E265CAAD-1A85-60B6-B884-02000000C601}11788C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-E7DA-60B5-7F7F-01000000C601}10252C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170497Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:02.870{E265CAAD-1A76-60B6-7284-02000000C601}7076C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170491Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:02.727{E265CAAD-1A76-60B6-6F84-02000000C601}11440C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170485Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:02.602{E265CAAD-1A76-60B6-6C84-02000000C601}11348C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170479Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:02.433{E265CAAD-1A76-60B6-6984-02000000C601}12420C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170473Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:02.179{E265CAAD-1A76-60B6-6684-02000000C601}10012C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170466Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:02.003{E265CAAD-1A76-60B6-6284-02000000C601}10516C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170459Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:01.555{E265CAAD-1A75-60B6-5E84-02000000C601}12400C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170453Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:01.396{E265CAAD-1A75-60B6-5B84-02000000C601}12760C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170444Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:01.206{E265CAAD-1A75-60B6-5884-02000000C601}9864C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170421Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:00.950{E265CAAD-1A74-60B6-5184-02000000C601}9708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170402Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:00.792{E265CAAD-1A74-60B6-4C84-02000000C601}12092C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170381Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:00.573{E265CAAD-1A74-60B6-4684-02000000C601}5292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170360Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:00.379{E265CAAD-1A74-60B6-4084-02000000C601}5948C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170337Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:31:00.142{E265CAAD-1A74-60B6-3984-02000000C601}11980C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170316Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:59.856{E265CAAD-1A73-60B6-3384-02000000C601}11096C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170300Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:59.580{E265CAAD-1A73-60B6-2E84-02000000C601}9820C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170286Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:59.369{E265CAAD-1A73-60B6-2A84-02000000C601}8088C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170273Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:59.197{E265CAAD-1A73-60B6-2584-02000000C601}10220C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170257Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:59.014{E265CAAD-1A73-60B6-2084-02000000C601}3460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170243Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:58.807{E265CAAD-1A72-60B6-1C84-02000000C601}12868C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170230Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:58.603{E265CAAD-1A72-60B6-1784-02000000C601}10528C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170219Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:58.460{E265CAAD-1A72-60B6-1384-02000000C601}4848C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170208Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:58.317{E265CAAD-1A72-60B6-0F84-02000000C601}4640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170187Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:58.004{E265CAAD-1A72-60B6-0984-02000000C601}13248C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170169Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:57.784{E265CAAD-1A71-60B6-0484-02000000C601}7664C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170155Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:57.553{E265CAAD-1A71-60B6-FF83-02000000C601}7608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170134Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:57.269{E265CAAD-1A71-60B6-F983-02000000C601}7572C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170113Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:57.008{E265CAAD-1A71-60B6-F383-02000000C601}6996C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170092Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:56.726{E265CAAD-1A70-60B6-ED83-02000000C601}5480C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170071Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:56.426{E265CAAD-1A70-60B6-E783-02000000C601}2912C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170050Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:56.143{E265CAAD-1A70-60B6-E183-02000000C601}4044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170029Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:55.892{E265CAAD-1A6F-60B6-DB83-02000000C601}9184C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170013Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:55.065{E265CAAD-1A6F-60B6-D683-02000000C601}13712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ClipBooks Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170007Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:54.880{E265CAAD-1A6E-60B6-D383-02000000C601}512C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001170001Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:54.714{E265CAAD-1A6E-60B6-D083-02000000C601}712C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHasdadelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169995Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:54.547{E265CAAD-1A6E-60B6-CD83-02000000C601}6552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WissssssnHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169989Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:54.399{E265CAAD-1A6E-60B6-CA83-02000000C601}1180C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ".Net CLR" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169983Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:54.267{E265CAAD-1A6E-60B6-C783-02000000C601}10072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SuperProServer Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169977Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:54.075{E265CAAD-1A6E-60B6-C483-02000000C601}7192C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Serhiez Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169971Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:53.950{E265CAAD-1A6D-60B6-C183-02000000C601}9880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "DNS Server" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169965Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:53.761{E265CAAD-1A6D-60B6-BE83-02000000C601}7924C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Zational Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169959Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:53.599{E265CAAD-1A6D-60B6-BB83-02000000C601}3116C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config AxInstSV Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169953Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:53.419{E265CAAD-1A6D-60B6-B883-02000000C601}11212C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config clr_optimization Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169947Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:53.204{E265CAAD-1A6D-60B6-B583-02000000C601}11988C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config aspnet_staters Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169941Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:53.021{E265CAAD-1A6D-60B6-B283-02000000C601}12128C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelpSvcs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169935Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:51.146{E265CAAD-1A6B-60B6-AF83-02000000C601}12292C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WWW.DDOS.CN.COM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169929Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:51.000{E265CAAD-1A6B-60B6-AC83-02000000C601}11728C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ExpressVNService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169923Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:50.729{E265CAAD-1A6A-60B6-A983-02000000C601}12700C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WebServers Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169917Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:50.453{E265CAAD-1A6A-60B6-A683-02000000C601}8600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config taskmgr1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169911Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:50.179{E265CAAD-1A6A-60B6-A383-02000000C601}9308C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApServs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169905Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:49.769{E265CAAD-1A69-60B6-A083-02000000C601}14096C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config wmiApSrvs Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169899Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:49.486{E265CAAD-1A69-60B6-9D83-02000000C601}10368C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config ALGM Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169893Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:49.256{E265CAAD-1A69-60B6-9A83-02000000C601}5756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WifiService Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169887Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:49.077{E265CAAD-1A69-60B6-9783-02000000C601}13464C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SRDSL Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169881Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:48.826{E265CAAD-1A68-60B6-9483-02000000C601}7708C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config MpeSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169875Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:48.544{E265CAAD-1A68-60B6-9183-02000000C601}12872C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config IPSECS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169869Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:48.381{E265CAAD-1A68-60B6-8E83-02000000C601}8936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config 360rTys Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169863Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:48.207{E265CAAD-1A68-60B6-8B83-02000000C601}14304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfyxxx Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169853Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:48.013{E265CAAD-1A68-60B6-8683-02000000C601}14112C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfya Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169849Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:47.953{E265CAAD-1A67-60B6-8483-02000000C601}12440C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169843Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:47.823{E265CAAD-1A67-60B6-8183-02000000C601}11388C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Xtfy Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169837Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:47.659{E265CAAD-1A67-60B6-7E83-02000000C601}6768C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169831Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:47.526{E265CAAD-1A67-60B6-7B83-02000000C601}3516C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinVaultSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169823Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:47.310{E265CAAD-1A67-60B6-7783-02000000C601}892C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SvcNlauser Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169821Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:47.255{E265CAAD-1A67-60B6-7683-02000000C601}5416C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169811Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:47.066{E265CAAD-1A67-60B6-7183-02000000C601}10044C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Windows Managers" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169809Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:47.012{E265CAAD-1A67-60B6-7083-02000000C601}4132C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169801Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:46.893{E265CAAD-1A66-60B6-6C83-02000000C601}8224C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Windows_Update Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169793Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:46.722{E265CAAD-1A66-60B6-6883-02000000C601}12304C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169791Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:46.719{E265CAAD-1A66-60B6-6783-02000000C601}3020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.0 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169781Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:46.424{E265CAAD-1A66-60B6-6283-02000000C601}7592C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config mssecsvc2.1 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169779Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:46.385{E265CAAD-1A66-60B6-6183-02000000C601}5944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169771Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:46.262{E265CAAD-1A66-60B6-5D83-02000000C601}13784C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinSvc Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169765Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:46.187{E265CAAD-1A66-60B6-5A83-02000000C601}6000C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169759Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:46.003{E265CAAD-1A66-60B6-5783-02000000C601}5504C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SxS Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169753Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:45.914{E265CAAD-1A65-60B6-5483-02000000C601}13048C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169749Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:45.852{E265CAAD-1A65-60B6-5283-02000000C601}4276C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Sncryption Media Playeq" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169739Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:45.631{E265CAAD-1A65-60B6-4D83-02000000C601}568C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169737Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:45.534{E265CAAD-1A65-60B6-4C83-02000000C601}4576C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "NetMsmqActiv Media NVIDIA" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169727Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:45.333{E265CAAD-1A65-60B6-4783-02000000C601}7584C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169723Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:45.251{E265CAAD-1A65-60B6-4583-02000000C601}11440C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config RpcEptManger Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169715Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:45.111{E265CAAD-1A65-60B6-4183-02000000C601}4564C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169713Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:45.089{E265CAAD-1A65-60B6-4083-02000000C601}9756C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Samserver Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169703Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:44.827{E265CAAD-1A64-60B6-3B83-02000000C601}12832C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp64 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169699Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:44.727{E265CAAD-1A64-60B6-3983-02000000C601}13792C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169693Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:44.558{E265CAAD-1A64-60B6-3683-02000000C601}12908C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WinHelp32 Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169687Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:44.301{E265CAAD-1A64-60B6-3383-02000000C601}13244C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169681Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:44.186{E265CAAD-1A64-60B6-3083-02000000C601}8660C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalwpi Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169673Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:43.969{E265CAAD-1A63-60B6-2C83-02000000C601}2280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169671Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:43.900{E265CAAD-1A63-60B6-2B83-02000000C601}9656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalaie Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169661Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:43.728{E265CAAD-1A63-60B6-2683-02000000C601}12880C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationalmll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169659Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:43.716{E265CAAD-1A63-60B6-2583-02000000C601}9552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169651Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:43.536{E265CAAD-1A63-60B6-2183-02000000C601}5392C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaloll Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169643Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:43.275{E265CAAD-1A63-60B6-1D83-02000000C601}13372C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169641Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:43.246{E265CAAD-1A63-60B6-1C83-02000000C601}12444C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Natimmonal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169631Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:43.052{E265CAAD-1A63-60B6-1783-02000000C601}3032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Nationaaal Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169629Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:42.987{E265CAAD-1A62-60B6-1683-02000000C601}11008C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169619Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:42.746{E265CAAD-1A62-60B6-1183-02000000C601}8968C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config National Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169617Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:42.691{E265CAAD-1A62-60B6-1083-02000000C601}12552C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169607Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:42.450{E265CAAD-1A62-60B6-0B83-02000000C601}2480C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Sougoudl Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169605Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:42.440{E265CAAD-1A62-60B6-0A83-02000000C601}13648C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169595Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:42.135{E265CAAD-1A62-60B6-0583-02000000C601}5164C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config WmdnPnSN Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169593Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:42.113{E265CAAD-1A62-60B6-0483-02000000C601}12944C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169585Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:41.899{E265CAAD-1A61-60B6-0083-02000000C601}5028C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169579Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:41.770{E265CAAD-1A61-60B6-FD82-02000000C601}9628C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config \gm Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169573Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:41.653{E265CAAD-1A61-60B6-FA82-02000000C601}10396C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169567Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:41.510{E265CAAD-1A61-60B6-F782-02000000C601}13072C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config sysmgt Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169563Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:41.413{E265CAAD-1A61-60B6-F582-02000000C601}6856C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169553Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:41.266{E265CAAD-1A61-60B6-F082-02000000C601}4952C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config CLR Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169551Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:41.230{E265CAAD-1A61-60B6-EF82-02000000C601}4460C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169545Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:41.136{E265CAAD-1A61-60B6-EC82-02000000C601}5280C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Oracleupdate Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169537Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:41.008{E265CAAD-1A61-60B6-E882-02000000C601}4420C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169531Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:40.886{E265CAAD-1A60-60B6-E582-02000000C601}7232C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config system Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169523Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:40.693{E265CAAD-1A60-60B6-E282-02000000C601}6740C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169521Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:40.635{E265CAAD-1A60-60B6-E082-02000000C601}2732C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config Microsoft Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169511Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:40.206{E265CAAD-1A60-60B6-DB82-02000000C601}4580C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169507Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:39.897{E265CAAD-1A5F-60B6-D982-02000000C601}5540C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config lsass Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169501Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:39.771{E265CAAD-1A5F-60B6-D682-02000000C601}9608C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169495Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:39.629{E265CAAD-1A5F-60B6-D382-02000000C601}8420C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config "Microsoft Telemetry" Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169487Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:39.344{E265CAAD-1A5F-60B6-CF82-02000000C601}3108C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config SVSHost Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169483Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:39.159{E265CAAD-1A5F-60B6-CD82-02000000C601}2668C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-A18D-60B5-1F83-00000000C601}9356C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe - 154100x80000000000000001169479Microsoft-Windows-Sysmon/Operationalproject-saopaulo-host-2021-06-01 11:30:38.672{E265CAAD-1A5E-60B6-CB82-02000000C601}12936C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\system32\sc.exe" Config xWinWpdSrv Start= DisabledC:\Windows\TEMP\NT AUTHORITY\SYSTEM{E265CAAD-4502-60B5-E703-000000000000}0x3e70SystemMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{E265CAAD-4D37-60B5-E601-00000000C601}6224C:\Windows\System32\WindowsPowerShell\v1.0\lVN8MeO.exelVN8MeO.exe -