23542300x800000000000000048956Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:13.695{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=432DB51AE2CFB2D2A45E0A3CA9A2BED3,SHA256=321058E660A0418EE1E8439C9B50FFC07E3C9E894295C8E49C6A75608ADEA452,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048958Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:14.898{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D45E20BFAD2665A6E775F8A5E51D28EB,SHA256=B095B9A60AC2DEA8D988ECD4E0A3A69804453D5B335BB607741A8C1164F43065,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048957Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:14.695{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF85D66D997FE2BAA3D2AD7FA69653D3,SHA256=658AA6DBFB0832D856A9A6732EE18843E1B7AEF1A51DF843479D775B59FE2BF9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:12.711{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33804-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:14.427{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB452590EC222BE8BE80D320322642A4,SHA256=100F254C48421CE10B3EB7B84F823D3CA43D11D0A89ADB1F1FB8321482D3B696,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048959Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:15.726{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64AD27DD4DCFF06CC1E51135599E7D3B,SHA256=03DBA6BE57DBCE3C0FD587871E44339995096B6D0F605E23C88CE434CD872DCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:15.458{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EB316BF6B09A6BC3530A1CCFFDCDFDF,SHA256=7313673720017647530EBE98E0417FB55ED2044AAB69781DC8B5D9EE35DEE0A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:15.193{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C26784F254A517C8DE63C9D3ED00E4D1,SHA256=58903D83DDA7ABE8C689362AA47A0626143EB7BFF35B2B44BE251DFEE04DF4FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048961Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:16.726{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86E652D102FED7FDE5D0CDD17BEF1F3A,SHA256=0FE84D86DEE419111F377A0A8FFB924DCB07D19E981D287B26C1A62822CF4687,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:16.489{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D5866BEAFEF6104664405C3B5266818,SHA256=991D007D07CF64C442EC479B1C1C9BCA31773D148A28B4C05507138BD39863A6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048960Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:12.934{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64135-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000048964Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:17.757{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEDBEC1ABAE1394B2DFDF5A8923D3EFD,SHA256=8444AD0BE887EC9C39E7AE5664DE3A988E48DC0F60C9690F4C28CDB10A3AC8F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:17.818{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B3C2879E194261197BBF8721A7672D3F,SHA256=B4378488E6027E004749814453BCD22D048B5F0F1611D0E6838151BC6202B52E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:17.505{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E247524F4384806764788CD903F9F35D,SHA256=20B32FE84560F21F661D466E3DDCEF78BFA7D9A0B886E91CE1574370E45775E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048963Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:14.544{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49237-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000048962Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:17.086{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E1A7B51004D053F56832950C8FE00B9E,SHA256=D65A1CD0DC3AE1628FB76D0930A097A405C8A1CD7781849FC068AB9A8AA49E27,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:15.675{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-36542-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000048966Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:18.789{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=155846EA6CAC28433F1D51925A899A87,SHA256=114D35F70AA7C08D37260CEEEB1D6FFC8D874582C09CF0CD6815004006174057,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:18.521{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC7C261D7926D4E08B535821DACB7975,SHA256=D0C43712ACDA161D0147ECA78A41EF3DBCF0C37BA255DD755F4693127C59054A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048965Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:15.680{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52456-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000062607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:16.790{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com64739-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:16.204{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57425-false10.0.1.12-8000- 23542300x800000000000000048969Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:19.851{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89C7E11D146F9F661E840AE783037755,SHA256=E354350678A4823F435F0E3595EE6C34CB57388037B9DAD56F745A64F3DCABBD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:18.633{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-39277-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:18.563{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-42013-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:19.536{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3DEEFC421EDAA113A52792DC3A171ED,SHA256=3A14133726199704956235F908DDC215F7092710B391F98E67F8B0D09A4AC096,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048968Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:16.160{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50732-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000048967Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:19.164{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=949307A18CAF7086A62C0E907213F174,SHA256=C4E84893821A2C89377B1A7707A2D3C564C77EB4BE1C16D5B364C0004AB4F9E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:19.349{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AD24CE5F84E91E0A6B90F39CE3346426,SHA256=A4E3F55A9860D9C43928912FAAD1AEE80FAEC5E185990A1698ABDFD447A45D77,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:17.467{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com52681-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:17.203{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-37909-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:17.107{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-40645-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000048973Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:20.867{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9125E106F141B6FD2654E076EDD13092,SHA256=EF6EDBB26C67EFCF5A76B94C59CD396425B4126F8A71E7B2C079BF94357A8802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.739{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D67329D7626B85A90EC7715FFADCFD71,SHA256=6EE362BB559AE64C3CA414BD4099851FC44E5DEF9B993980B923AB76F7A73D55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.739{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1BC6324B78E85B55A161F14FDEE9AA2B,SHA256=C06F33AB2B0541095069796EC28713D37A59B2F932EFD72713EBD477D8C33FC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048972Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:20.273{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=09139C448A47F86E9956DD4057118ED1,SHA256=A09591F599CFCE6B22E4979FC61006C7753F764A2904CB455039D16355EED15D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048971Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:17.749{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52219-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048970Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:17.511{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com51377-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000062649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B0-607E-9905-00000000BB01}5288C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0B1-607E-9B05-00000000BB01}5448C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+ba7a|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:20.521{A7A01FEF-B626-607E-0D00-00000000BB01}1008728C:\Windows\system32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+b954|c:\windows\system32\rpcss.dll+ce2e|c:\windows\system32\rpcss.dll+a853|c:\windows\system32\rpcss.dll+42251|c:\windows\system32\rpcss.dll+42382|c:\windows\system32\rpcss.dll+426bf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:21.755{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A2E7484CCD6E69156FA5EC36D5DE087,SHA256=DB126AC525994FF483D3E871455338F9A82186978B0C54D0E750850F279B399B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048976Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:21.867{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5DD5D4B9B2CBD390B5C04B0AB15514A,SHA256=82D231A5E4D9018562FE3F30515E9AF82801FE1519B5731C1EC029380CAE637F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048975Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:21.429{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=05B80247186ADCC8ABCC6757676F1136,SHA256=713F39B810F9ACDA57933CDB9C5807B9625179E823AB7E94A40EACF242159B99,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048974Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:18.751{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61171-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000048980Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:22.883{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8188D96590661FD6083C999227EFB16B,SHA256=7F3AC472D9CA74246ED8CD4512139ECF6BC24B1A89CD049B56BBB24B189F19E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:22.786{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC8014BF2520C94C638B4170675EDB7D,SHA256=768CBD0E105D6F56BC729A4A9EA7208DF1AC2B870FDAF68A52AE70B40E87394F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048979Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:22.539{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B64973A7FC0F9175505468337D93AF59,SHA256=62962CB5803F5E5F8C403FCC985DCD240F012BF23E9C27347E06471B4A6DEF8C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048978Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:20.338{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62652-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048977Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:19.398{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53703-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:23.802{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3030B44E70D1822FBE28F768B571177,SHA256=7F32CDECA1239B8990661512D9E3FD0BDD81728B7FDB55EF2C280A7535067EAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048985Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:23.883{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9049E9EA42ADEB5A3B70E581FF7D09B3,SHA256=714A8FD3BCE2FD7A36AAA69F267883CADE003661019B5595AB76F40BFAEF57B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048984Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:23.633{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048983Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:21.192{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55510-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048982Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:21.004{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55198-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048981Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:20.680{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52457-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000062657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:23.317{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4850BB8C6706463F17B3F12FCBBA790,SHA256=2CF1A63DDE86CBA19255B507222C2871A8AB8930F3DB4691FEEFFEEE899BE006,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:21.794{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55735-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:21.545{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-44749-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:21.298{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57426-false10.0.1.12-8000- 23542300x800000000000000062663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:24.817{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58C7B54D746647CEBA2CAB5273157D34,SHA256=8399B538BC8A24DD8B3B7E9A8C22FFC7A4F7E59ACD1ECFF40CA38550AEB0D500,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048988Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:24.898{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB06BCCCC45D60F71B0BC99549E4A1D9,SHA256=B39B19EA66A73923CCF81CDC071988C2CAC047633A4A8AE864128EB07D713427,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:24.708{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=112CFEB6A303D264BE5A17E75784B2A0,SHA256=0812E44C589E5695E882CCA27B0A88F86D0B85B2A2B8676D06B49FFC045FB524,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:23.128{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-43381-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:23.045{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-46117-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:23.011{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60329-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000048987Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:24.242{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=82BD7609E7F6B5D5584EC5294EA37676,SHA256=766A9CB90B97F0F817CDF241C5AFB43EC92F88C3F36A882741D82D69774EE39F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048986Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:22.606{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56680-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000048989Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:25.902{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=366986EC21FA0591AEFF026907358042,SHA256=5A3E58A566342C6ED5EF654AF99A4EF52F104DE01598E8366E033F16DDE6C54F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:25.833{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F54EDBA735DA1440DD9E12243EB2F7B,SHA256=4E4D105FE79F65C8EFDE40549CD8CDC80738D38484927F6BAD32E84DBCB78364,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:25.349{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=A7292415FC8A45863F2B4DD25FB22337,SHA256=FFE51845DCE6AE33E29E8FA579A8F0FFAFA4A4C65DC114BB02AE056F6315294B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:26.849{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F3FDABEF5D360DEFB77BBED07C3A717,SHA256=F4410F61757AD927FDC0E1D431A0ECEF4D1B45C4953725B81FC994E960563FB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048992Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:26.933{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD25E4AB652C843F93148844800EF1C3,SHA256=A6331B1AB9CE23A6BBB5DFFC671087AE3A609C2C66CFEFD8EF0C6F7DEBC57A73,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048991Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:23.227{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52458-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x800000000000000048990Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:26.199{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1BF954E80072E96A1D8715F1ABA42901,SHA256=F27983A9198C55AA5E0CDE99E475219D24B8022BD02D0C04376E6F9EABCCD694,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:24.524{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-47486-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:26.036{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1FFB06EA361A86BA7D8E35953A2A1232,SHA256=A74DA9E30AE95A5B95B11429E2089BE6F7D726DAA508518B7BA9659FD2586D4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048993Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:27.964{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D88283BC593E3DE49491E764DACFB7A,SHA256=1587106AE97128BDA0A36381AB50186A758A34399923346E73B5EB8FC05E94E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:27.864{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAAA41AC8648A7BE802B0649ACC30B57,SHA256=A10D50318862E8876FE13CABB186A6723C2B262B63BFEB71AF409185BA31E289,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:28.880{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F3DC19F1818DCDA527D6AA482E586FE,SHA256=3E0CE33F10834FBBFF6D9F754517A9062A59DD02184CE205F04DC4E8A671B9DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000048998Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:28.965{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=085A00B3F88F6B9FBCF60F52FE33B6E8,SHA256=41015444E2605F35E8169F632BA8EBD7E7DBEAF69EB3B3663F81F29D59C2975F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000048997Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:26.226{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63391-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048996Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:25.720{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59640-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000048995Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:25.715{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52459-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000048994Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:28.324{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8EF30868C8119181CEEF3C3BCF343527,SHA256=D9C5E33226816C2F2F879061092E4820CD9585E8301188DA4B1D6013F454F5E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:27.109{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57427-false10.0.1.12-8000- 354300x800000000000000062671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:27.006{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62878-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:28.036{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=75E77ABD7E5C3A872E900172DC466B65,SHA256=F8408944A396A3FE0C569DA9040462615DEF4D667993538DE32393A1324F1F54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049000Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:29.996{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCDF9DBD75B93DAB5D0D697B471EAA31,SHA256=4C37D483DF2C6E21CC23C99F3D9B421CE553F3BB051CC4AA0436B2F9A9A71583,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:29.895{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=84A2223E9A2861C09427DB7D1B40DA69,SHA256=AEC0BA811EB1256353B099C8CDC70820106DD5ABD46E5FF295FC510C1DC5B9E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:27.558{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50229-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000048999Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:27.171{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58159-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.942{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1214681C5066FBD0A2E6300A1700EBA9,SHA256=4B476B740F739B140B6D6E5505706231D9F284FCA11812F5ABB97A5C72408B20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049001Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:30.324{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BB5CB12717C223082B7C3D34372B23C1,SHA256=C7E28A46A9E81AAEF2E1CA37B543B80EE57BAB9D33EB63DDA32F79E079431B61,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.911{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.911{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.911{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.895{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.895{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.895{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.895{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DFEF-607E-A109-00000000BB01}6196C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000062677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:29.078{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48854-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.755{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A3549E340FDEE4CD2A1F4C00F60D6788,SHA256=58ACD547A26E69674995197A383B4D753FDEF9093DAD3ABE908E01525E2C400D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:31.958{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D67E216B209B3A42C1727EACC66665B,SHA256=7F95F24493D614545C4B3018AAB74BC189EDE86954653C77928D713835442F25,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049004Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:28.966{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62608-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049003Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:31.402{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF40DA09689CE7BC13990B76068C9CD1,SHA256=9050F325A9A5D8299968257DCEA80A4D21D82CAE27CF905B1C46BCE4AAC7ED27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049002Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:31.027{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC247795A00AF72E936CCE52C0A0EE06,SHA256=EB68BDDD1401AA73A6A974F57F8C39A87335CB38BF0320AD375B268E0214CFFE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.535{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52965-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:30.063{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51389-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:32.989{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06A3B146AAECA3E1B47C68CC845BFF23,SHA256=618BADBFF3E08835EAE7E38C8527DE512A9F530557EC190E78667487C7897BFB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:31.532{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54560-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:32.052{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A73E4E66FAA0C0E8545DFB8CB6AD7FB6,SHA256=AB184DFCD6A429D530780075B88DD377AA10438AB8765DCD49B6B3CDF0F8F728,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049006Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:29.787{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51859-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049005Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:32.074{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CA997A2FD026EB040680CABE751CFFA,SHA256=2146A9DD79B5806F7A53A2483BA7D11F9A390952CB326F728CBDE56145C3EC8F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049010Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:31.404{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64090-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049009Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:31.365{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55643-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049008Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:30.778{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61117-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049007Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:33.121{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F80C95CB8B5916F571136463C2BB1452,SHA256=B906AD3CE6EB17D8AF05B7A6CB55F879E88206849D21C3AAF4E876AF4F9C5EEB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:32.156{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57428-false10.0.1.12-8000- 354300x800000000000000062694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:31.939{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51597-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:31.934{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54333-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:33.645{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A38B8FFA03191E6BD5E92EA44A127AD7,SHA256=98D1B9D99140126EB9D49C19E3D6556E90416387047741A95EFD1CA5C52F9702,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049013Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:31.731{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52460-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049012Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:34.136{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B52CA01A501A16E602A261644681037,SHA256=5ABEDBDB9088B7A264396F6B6EC6B2F96B72AC814577BA213DF9F4C14083053E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:34.739{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7058E64BA00DB96013412160746E187D,SHA256=60EBF7BC60E92364A9942A974E1E967143F96E73985E528C3E935046356E4075,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:34.005{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F98B10E319D4B3CB67057BD38055DDC,SHA256=2FE912C4707E0B66566C1D78C57D68849076DE580A07EFFDAB14E7DA59F6EE21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049011Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:34.011{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=511143772C21AE76A23ECD368EF13224,SHA256=F03992B62B28E55708E2CE4C6111B454FB8E3E1D2BC6AAD3235658B7D42C5362,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049016Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:32.968{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49191-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049015Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:35.185{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=50F1CC0083583DA42FB3252D1A018583,SHA256=06B458001E2E77859BE4C5AA3B2E37DE1C12B4FFE8D3952D2FDD72F35F0B0B3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049014Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:35.153{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=615042E4B3948A6FFCCF94B808441A16,SHA256=36134F0490469FF5CDA8B488FE062F356FF6ACAA201D77D3A0F73FE39AEE11EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:35.020{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE73181AB034F8A095AEC26B21E5F964,SHA256=AF0A6BB078096B4C8AAB0D416C6ED381C32257D8FA44C7C4E804A7B48BF748F8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049019Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:34.631{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50670-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049018Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:36.509{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2C2F870184AAC8F77C57264E7F017148,SHA256=B720739FA95556AACCCA9166B3ADB401A138BB8D5753272741D9B34E1415D979,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049017Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:36.181{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97B6DC82A1E5330A91945A041FCA7376,SHA256=1778AEF916295D78BB325418DEEC5713BA4C433130D5F1E59D1BA6064C6B18FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:36.911{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9D64732FEB19CB68BEB83035E092E613,SHA256=BBFD72BB22602BDBBFA0D062CD8D39062C88C04AD7DD114AA14D3106BCD04A36,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:34.962{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56246-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:36.083{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F21A4687768C6F8583F4C1CDEBBF2A4,SHA256=C3B820572C7C4B3D326E4BD5DE48969B1DE2F25E6A038535FFCE3D08950CC1B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049021Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:36.087{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52142-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049020Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:37.183{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=985869E079C768CF3E15848C53D9E797,SHA256=CDB05ADDF394D0E14791667FFC090FBEF54439C1DF6D4D6FF05B106DB20F7320,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:36.470{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55701-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:37.083{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F1B156B4071E4916DC0B1A2B7A707EB,SHA256=C825B5A1F39CED8E9DBDC2E5919F80B3559720371F6AAEED621C81044E73D713,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049024Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:36.777{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52461-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049023Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:38.214{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61074AB2461018FFD40A094E78887147,SHA256=FD31271DDAED78025C8DCBA0254275402BA15FC2A35151F4DCDEE366B8CEFCA7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:37.692{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com64902-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:37.203{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57429-false10.0.1.12-8000- 23542300x800000000000000062705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:38.255{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=706FC4F161DEF1CC8403908936B7A5FE,SHA256=C3DACA02AFB0EA1FD41770F4A753489CB1F8F9AF916D8863DF75D54FDA8C996F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:38.098{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DBA18CFBEF1FCA804673994380FC8614,SHA256=D48380FB5316C6637A1730CD9A31AC7A85C90687C847BB8C19631850E10ECBD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049022Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:38.199{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8A4ACA11C62A5F425CF9640D3D130D9A,SHA256=A23C1A0287FE4BC4A7CB55F75DED5B3CD004EC2B1DA8E05D020241D72D52787E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049026Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:39.386{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8E4EAE75027B3D4F569F98AC15948008,SHA256=BC9C07D569CF971C974BF0A07265079560F50C4C6EEB1E9B1E62F4FAD47DC50E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049025Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:39.246{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFDC3DE14B05FA8316FF79976533C155,SHA256=8A7AA8E167007D3CDF6A515E7CC99478DA9F3A1B32B1F36797A3A2A1DAFC6698,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:38.040{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57069-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:37.903{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59805-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:39.583{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=50364E55F5E8E77ABE2C7EDD5ECDDB9C,SHA256=E1A8A8E46792B27A8413F6D2490D9FAB3DAC8DDA70624BE5A3816AECD6B02C28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:39.130{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F258935053D5D16BF30D9EB75C7B9612,SHA256=877E79F1AA85FEA56492A1C38CCD419DFE4B104310B903BCB59F9537E54A2B4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049027Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:40.277{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D752CD56D5C7B06F7A5B18EB8212B5A,SHA256=AFCD4EC348D1526FB6114E18F022A662E04C35FFEE654E7F7F0AD3417D056B4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:40.833{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4D74CCA51FAD6D10FB9F6965615FF6D8,SHA256=FDE8A2F480F814ADEEAEB4AE0BC828B8E655483FF249D079C33A3D477E2C9646,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:40.145{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D29733C4BC1162BBDE014D944EA06C25,SHA256=D06BC223426057CEAC9833B5EA755261FA08871AE69C6ECC193E4545F7F32809,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049028Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:41.308{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F21A47B14E2583A3F670EAECF71C9142,SHA256=BC5993A59041D218F5E8F575603309ADEF507F98D263E9653196E34BB534C1E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:41.161{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FE4A5B1CC385E02327FC2365646FAAE,SHA256=6CC89F2E0784250265E90543554B1CB7CD8266AB7817FAD82B4F81A78BB1051D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:39.807{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63535-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:39.580{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58437-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:39.545{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-2197-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049031Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:40.793{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56570-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049030Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:40.691{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53478-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049029Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:42.324{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB41FAC1E3F06F7EDE5AD2A7A99FABFD,SHA256=E7BA91371FA6AEED5328BD6B8D7EDD4828C6FFBEE4698CA5766A65EB4F740C77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:42.176{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F977B77DC9F8520D31399B80335F715D,SHA256=4F42A363B2B0775CB0F1667204F104FC152FCE0F145EFDDF58E634992F657B4B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049035Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:41.793{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52462-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049034Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:41.669{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com49357-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049033Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:43.371{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B71A733CC349F7D4CE71422D45AC8897,SHA256=33EA80D2177CE3F0390159806DCF2C1E210E4AD90454EF0C3AC691F0482A2AF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.520{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+194dd|C:\Windows\System32\SHELL32.dll+61df0|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.520{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.520{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+194dd|C:\Windows\System32\SHELL32.dll+61df0|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.520{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.520{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-DF97-607E-4709-00000000BB01}6584C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.192{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88F430739FA5C73ED5D021D5D0059F26,SHA256=B302CD9D145B4F5D931846CC66A529FD8EF8A38DC6C41661BB0A3A830AF9039C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049032Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:43.339{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=05833DD36648A056951ED2B4CC7150BA,SHA256=E07BF5F9E6AA9ED2ED7C0D0A922C0C8EC26CF6BF64DA6422EE235442AB30DC92,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049039Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:42.590{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58044-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049038Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:42.247{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55095-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049037Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:44.402{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53C2837C7BEDB364992266718DE3C1EB,SHA256=D79739352744AE163EDA0C6F05D9551A5E20953F740CDC16BF0C21AF66569C04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:44.489{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AE21D260841A6E5C18446B3FACA61E6D,SHA256=AEC536BD65ECFA987B6BA2940B2A0A36819AC4F23893AC7D65F696E5FBCE9097,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.121{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51351-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:44.254{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E84AE1242E5A059BB0FF6F74B226108,SHA256=C4E0E3C6EBB790D0E2053EC410B28E222DEAA92BBE6BC31A135D0EF38FF8654E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049036Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:44.371{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AD6337CF9A82652EBFFEA63696DD04AF,SHA256=8FD93D349F69E690EEFC9851C081C4533794E1940044DA630FDDE583FD21B689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.864{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=20803AF46FD6C158A4295E38BC88B92B,SHA256=4C92793CD64292C1F61C1AEE2521379F8034026076541ADB2C911AAE00D63493,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:44.020{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-6301-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:43.249{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57430-false10.0.1.12-8000- 23542300x800000000000000062728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.270{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1F746D325BA426DEC01125EF314A74F,SHA256=A9C9387B0DE4DD5B1C380AD79B8B0BD9CA9B37A46261213F9DBE0C0CF5F0F16C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049041Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:45.668{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ED0FB85CBF1E1ADB74540720CFE5D2EC,SHA256=F3BDA0B5CEA91CF3ED493C33BBD52D4BE07890FE66AF97C971332479723974C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049040Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:45.418{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4C40195B0385BB7C422B283C486051D,SHA256=8ADDB545FC8A9CE7DCDC0ED1CDAD7ABBAE08222109483BEEF194B634C77AB4DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:46.317{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A87C34E47FB21913B9C1242AB098983,SHA256=7521466EB18A35C2FFA62F8C2DA50914412800C6549C20E9A27855E6B3428846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049043Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:46.438{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54F8D78562E08A13A2DCF80C3164C63E,SHA256=665B7B78A6EDAAB0949E6C1AD308A69242F3CF497EC5820531743343BCA2CD1B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049042Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:44.153{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59519-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:47.551{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E3A5C884036A4BFC23A08100851EF23,SHA256=8806B14E4A4F6C77CE11C64D97A0C07F41C114454D1A36B15E8A70C33369B840,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049045Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:47.438{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90CF574A83ABA9BE8B123FB23DC03750,SHA256=F8DABE2FD1613CAE117F604D673565335F6F88A45E08AADE3DE460094C330BE7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.936{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60923-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.566{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-339.attackrange.local53domainfalse10.0.1.14win-dc-339.attackrange.local65535- 354300x800000000000000062734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.566{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-339.attackrange.local53domainfalse10.0.1.14win-dc-339.attackrange.local58172- 354300x800000000000000062733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:45.565{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local56757- 23542300x800000000000000049044Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:47.423{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=576EF37A52D2F4A8F59F9A6D7F119AC8,SHA256=268A382D8463E5D093F857C2B4B417C4758800737504A51CA6977936F7A31EDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:48.583{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=255DB3D8684D50DFDC04BFE9602F90A8,SHA256=397E5B85DF14B79F907F92FB57AAE7B2AD6A0E4B82499AB24EED073D772CE9BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049046Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:48.454{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CAF69B216CC05D7554348DB764ED2E6,SHA256=AB0F2256C46FD515A46ECA7640635A53E7AA5D05BB802D88FB381506F5FDBEE3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:46.980{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-9035-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:48.489{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D8D03168725C4615C95869F2A84584BA,SHA256=553C79D6B4253A4D79C06A41684C74DC81B96A63F952042A8AC0F8E8D9212EE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:49.598{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0EDCDCA015EEABDE9BF85C1009B7469,SHA256=5902A2E8403C28F34B82A8C4E3AEB511F185C189C5ACEA8EA60686D7BDDEE9D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049050Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:49.844{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CC6F2867B9E15D6084569026CD1838EA,SHA256=E0F0274FBD231646A642E8A2D9A71062BD1F2E4E1F6D080E09EB5CFAE8FD843D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049049Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:49.454{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F444420588FE8FE0625711CB52454D4B,SHA256=080A1D9ACEAAF8A805BA62BF9BDC9DF2031E9DFCE129277061E6DFE163E6D3D0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:47.443{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56784-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049048Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:46.798{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52463-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049047Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:46.660{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53621-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049052Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:50.485{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3CCDED44CCDD98F8820E8BF90305CE7,SHA256=EA694B1128D04F5B716B3A877B6C460CE01B3B6DF521C2124C1A711995AF2511,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:50.645{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56A2A2034574C91C0C43B7930595ADE0,SHA256=C5426CDBFD7882BCA22EA64FD0409385E0EEA6E842C5629EE3D89F42E57644E9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:49.281{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57431-false10.0.1.12-8000- 354300x800000000000000062743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:48.550{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-7668-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049051Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:47.248{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62456-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049056Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:51.516{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ECC558857109B75D025FD6C4C7EED8A,SHA256=1003E8DEAA73D3B57007F0CBE9F657C871403BFA561E283635637467DF7FF986,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:51.661{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B11B418F5BAB60D07C071E42B6E4241E,SHA256=2A4F6B67AB4DFEBA81FDC28499DDC6172C3DC21959E616811497FABA052BDEF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049055Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:48.700{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62749-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049054Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:48.668{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60988-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049053Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:51.079{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BD8154AADE062D84F553B762DBFA6C33,SHA256=51947EF056B8671B509C2FD6CBA6C31E0341A33865F715706B3C96DF81E93B9D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:50.206{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-3564-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:50.138{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-11772-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:52.692{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0CEE9BA8434A080D6A639ED42DDEFB4A,SHA256=57F2F94E8C2A97B0129A3531B59AFC653CDED6CE8AEE982CC6E9EABA249C72E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:52.676{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D8F6B88A282FF917755A072FA041B608,SHA256=0EA606761E28570816C8FBCF1C439B3DBAF295729A870DE4597703B7383D4514,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049057Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:52.516{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8946D96529CC90371012C26B3DB486F5,SHA256=DEEAC2579FC53324B9BAD448953813BF523BBE9AE4BF234909BA7B3459925024,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:53.770{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49C3410FE97077286E34CAC07B8A1285,SHA256=0B9EB5AA801F3FFD593D17C56FDAC20ED9A39F7D771AC1291EC5D507DC7DD779,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:53.739{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBA6CD8F81C72DE8580ECDF84111E222,SHA256=D6EE6F0D40FD4297A4283E57486BDC602A1FB4638D890E8AAF4E9A1C698CF0FB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:51.619{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64004-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:51.590{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4932-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:51.555{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-13137-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049061Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:53.532{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF12473F39A8F2D354B237C35A2F29A9,SHA256=217385F62CA7EEB9C248999402E1BFA203ED976B1BC12C20CBFE7A371AF7AECE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049060Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:53.469{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F7D6D4F89ED544CD5DBED2BA56F45A40,SHA256=C33CFEF40EDAB0AD49B8CBB23550F7E7444AFC2AED093473E485C3D1196D859C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049059Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:50.612{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62524-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049058Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:50.413{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65412-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.770{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F719CC127B8102D692BEEC3496CFD59A,SHA256=A17A431CB99DECEA8B9EEA0055E87D71C7BC5959BCCC8B8A4934E4B9BA9C3EC8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049077Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EAC6-607E-C606-00000000BB01}3024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049076Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049075Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049074Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049073Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049072Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049071Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049070Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049069Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049068Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049067Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EAC6-607E-C606-00000000BB01}3024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049066Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.860{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EAC6-607E-C606-00000000BB01}3024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049065Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.861{85C0FFC9-EAC6-607E-C606-00000000BB01}3024C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049064Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.563{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEDA885B131127D248AACCE03FDE44F6,SHA256=E9E2DDCA61C5D69FE4564AFF94EB309A444307F13342C519961DF1924199AC01,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:52.997{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-14503-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049063Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:51.829{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52464-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049062Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:51.826{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63933-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:55.801{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D3EDD5E533B90822AD2707504F3248B,SHA256=F261F9595810A0DC0114C48579976CED2EB8BDDAA82B4C502392988EF13F99FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049094Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.673{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3E7DAE3D794F332D6906FBE33A7CB19,SHA256=14593084377B57599534A7369773B47E436BB16C7EE086B2BAEC3C3859A179A1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049093Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.641{85C0FFC9-EAC7-607E-C706-00000000BB01}17803488C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:55.098{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4A23E74B28ECD927F590A7E64A5951B6,SHA256=C2641C76BC007C28E6D77A39BEC5E73BBAFD2584D44D847DDB6939778C4738ED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049092Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EAC7-607E-C706-00000000BB01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049091Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049090Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049089Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049088Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049087Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049086Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049085Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049084Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049083Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049082Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EAC7-607E-C706-00000000BB01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049081Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.532{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EAC7-607E-C706-00000000BB01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049080Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.533{85C0FFC9-EAC7-607E-C706-00000000BB01}1780C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x800000000000000049079Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:52:55.485{85C0FFC9-B7ED-607E-1000-00000000BB01}992C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d735f4-0xd8b6987f) 23542300x800000000000000049078Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:55.016{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B2955C4A9AE039905F9A45BEE2BD3659,SHA256=5239A760EA52A3D509F037686BE07ABFF4EAE921ACE3554758B04F7DE2CF2707,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:56.895{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68F677E09D3C847FF8AA2F016E150FEC,SHA256=318C2836674E14FB014FB000AAF75B31FF1383123FFB6B69185ADD3429200BA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049110Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.657{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81C8F218C28F0DB274FE6BDD828E4439,SHA256=A9BA102E464A127C912EDC272C5AB588641A45CB4D420B43F57D84B3D27566EE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:55.169{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50176-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.640{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57433-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000062764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.640{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57433-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000062763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.513{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54651-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.419{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-15870-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:54.296{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57432-false10.0.1.12-8000- 23542300x800000000000000062760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:56.676{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=203A1C3D146411FC3DAE02669C2E4B43,SHA256=C9939987EB1531E67A162D9A473B2163779146F37D5145EEF7086B96F4E58B09,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049109Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EAC8-607E-C806-00000000BB01}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049108Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049107Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049106Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049105Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049104Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049103Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049102Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049101Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049100Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049099Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EAC8-607E-C806-00000000BB01}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049098Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EAC8-607E-C806-00000000BB01}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049097Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.204{85C0FFC9-EAC8-607E-C806-00000000BB01}3636C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049096Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.157{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A6BECCCD43B0F2CC347F370CC564AB26,SHA256=1C37297B4039BD89135C41ACB523444AF1EC480006EC7828425B18FD74FD754B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049095Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:53.566{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52007-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000049141Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.798{85C0FFC9-EAC9-607E-CA06-00000000BB01}34402988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049140Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EAC9-607E-CA06-00000000BB01}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049139Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049138Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049137Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049136Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049135Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049134Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049133Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049132Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049131Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049130Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EAC9-607E-CA06-00000000BB01}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049129Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.688{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EAC9-607E-CA06-00000000BB01}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049128Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.690{85C0FFC9-EAC9-607E-CA06-00000000BB01}3440C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049127Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.673{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A6CD8225769C363D2D892B92B5AEF0D,SHA256=B70FE7CAED4181F69820BF2389A27B35CDB94B3DC47EE97A1C44C6A11224E542,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:57.910{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A16A825E5C03BC04296422AFA04F9BDA,SHA256=F43F26C403E7394C39D18660843D02B964EF4D9185D0197D8D9D23DB3B5BCFC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049126Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.282{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A87BDEC107476EFDEFE79314DE064321,SHA256=BD1152DE5C12A8C461A454AFBC89024AB3082B7298B2B5A4FAE1145E839357E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049125Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.267{85C0FFC9-EAC9-607E-C906-00000000BB01}38602888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000049124Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:54.965{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58327-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000049123Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EAC9-607E-C906-00000000BB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049122Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049121Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049120Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049119Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049118Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049117Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049116Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049115Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049114Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049113Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EAC9-607E-C906-00000000BB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049112Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.157{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EAC9-607E-C906-00000000BB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049111Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.158{85C0FFC9-EAC9-607E-C906-00000000BB01}3860C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049157Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.829{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16AFAAF0552D60ECEBB5E2A80FD0BF41,SHA256=5324E5E92B76394D3A985BA9D11D1D0FB8C4A98D72338AE9990D82F8F6B06247,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049156Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.704{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=01E299655B7D33FDDD5FE34216A8680C,SHA256=285077FB1691926A7F64A2E2A78D7E45487EC9EAA0277766F17C1D6C837A0935,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:57.445{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-10403-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:57.408{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-18607-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:58.692{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:58.004{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=238F330C9B7D67D4CF929C1BA89EC9AA,SHA256=925790BF94DE1775DCE868934D5E8A6330E4276AA5D686AA9F70832E384378C5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049155Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.470{85C0FFC9-EACA-607E-CB06-00000000BB01}2724956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049154Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EACA-607E-CB06-00000000BB01}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049153Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049152Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049151Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049150Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049149Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049148Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049147Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049146Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049145Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049144Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EACA-607E-CB06-00000000BB01}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049143Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.360{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EACA-607E-CB06-00000000BB01}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049142Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.361{85C0FFC9-EACA-607E-CB06-00000000BB01}2724C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049161Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:59.907{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E3EDAAF7F3F46A9BF2A7CD136E0E8E42,SHA256=35693D151989FC13CB2F50C6C64F89BACBB319D22D5C9E026F14BA025FD0D35B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049160Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:59.720{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=414BA2A07597FEB548B463DF4C7CDA2C,SHA256=0332BB7E7BDCE920F99ADF094348A005762021DAEB701B1C1B9B52B47A370B3C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:58.749{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57434-false10.0.1.12-8089- 10341000x800000000000000062782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACB-607E-5E0B-00000000BB01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EACB-607E-5E0B-00000000BB01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.192{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACB-607E-5E0B-00000000BB01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.193{A7A01FEF-EACB-607E-5E0B-00000000BB01}5704C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.082{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9BECB140DB89A0B5184780ED1BC9EA67,SHA256=0C936A847E7489258E02A998CBE69748F77052EAD6C4086A1ECB968AEF43F9BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.051{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7A3591084BD7B014504360A97BD346D,SHA256=65278FFBAA93B851EFBBD06234614F618AFAC6C30E8EF4C9DAB10EA268BC5C8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049159Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:59.595{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=79DFE30BDD3625A7A60E28D7699803B2,SHA256=EB851B9E1C9E0EACDE31F8B5906C6BC5769110334DABD44AF7625B418D891AAE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049158Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:56.805{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54983-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049180Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.767{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C4194483AB068FE234F33BB15D30D9A,SHA256=6B9DCD942AB5DC9BA443874E72B941A787E5B056D89D48C973958DD97C581998,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACC-607E-600B-00000000BB01}2364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EACC-607E-600B-00000000BB01}2364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.957{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACC-607E-600B-00000000BB01}2364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.958{A7A01FEF-EACC-607E-600B-00000000BB01}2364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000062794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.442{A7A01FEF-EACC-607E-5F0B-00000000BB01}41444476C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACC-607E-5F0B-00000000BB01}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EACC-607E-5F0B-00000000BB01}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.285{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACC-607E-5F0B-00000000BB01}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.286{A7A01FEF-EACC-607E-5F0B-00000000BB01}4144C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.160{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9B006BB75DDE1838E3527B9F595D75B4,SHA256=18F3096A82674670D1DFBAD9672096C56857569840FA885F832D4B116C222584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.082{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D30147252E4C9F08255EB4A4BD48DE24,SHA256=C48F5CC169A2A84329DBDF842489D16FA469FE13613BCBE2A31BAAAE703E9B60,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049179Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.610{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1500-00000000BB01}1176C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049178Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.610{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1500-00000000BB01}1176C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049177Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.610{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1500-00000000BB01}1176C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000049176Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:58.408{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56463-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049175Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:52:57.829{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52465-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000049174Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EACC-607E-CC06-00000000BB01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049173Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049172Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049171Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049170Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049169Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049168Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049167Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049166Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049165Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049164Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EACC-607E-CC06-00000000BB01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049163Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.204{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EACC-607E-CC06-00000000BB01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049162Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.205{85C0FFC9-EACC-607E-CC06-00000000BB01}1960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049182Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:01.813{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=493B81565511C3AC88DF40A2D567B6F8,SHA256=2100F92C94337A30756C27D93F76ED5B57C0515FF5DFDE4F1D22F69D6A2DB9D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:01.301{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F577F51A26D16079C6D47CE3DDEFB3E2,SHA256=56778B703264EBB7CDE5D7F7ECF72F9B4813B8D596EFFDE533D3FD63CEF013A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:01.114{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5ED9782E2A9465093E972C16EE8B3D6E,SHA256=31F4C0D9022559C53E0CF10F1F4435EE699713F1391BAB60D14D717D4D9931E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049181Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:01.329{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=750C5B7CE85AA227E9C9A5CF673FA9FE,SHA256=01215D38F034F73F81260C442D46A51F6A37BCD6D68D418A6E2CD2CAAE6EA12B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:59.110{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57234-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:52:58.883{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-19974-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049184Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:02.813{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0F8077B65DE1558F1AD4C223D13FA75,SHA256=805310A4292D7B45556BB034192ABA798F33C83AF22F217039F58D56EE3603DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.613{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3CCD7312CC15D566230C1E6075673E6E,SHA256=D2120D9E1B531DC2DA1CC6A82A777ACF084FFFE5BC5F17BA0C6697738434F160,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.504{A7A01FEF-EACE-607E-610B-00000000BB01}53765532C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACE-607E-610B-00000000BB01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EACE-607E-610B-00000000BB01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACE-607E-610B-00000000BB01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.364{A7A01FEF-EACE-607E-610B-00000000BB01}5376C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.129{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FD85A9613321AE8EE1E477CF33D00B8,SHA256=0A5CB9392CAD76A6180107F1368495B77C7FA4F55B391834D1907C5BB84FC96C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049183Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:00.021{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57948-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000062807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:00.140{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57435-false10.0.1.12-8000- 23542300x800000000000000049187Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:03.860{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=539F4EEEB8B03B2376092CB2327C94AE,SHA256=DF3969A8B7B2890C5A416EC35E8E1BD78E7DCF213019E817345904A2B66F3DA5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.863{A7A01FEF-EACF-607E-630B-00000000BB01}16286860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5ECE60E22DCB2DE68FF53B86ABAE8149,SHA256=EBAD62FBD2DE127A332EC0A5C6A42D179A1B7AC3BE7FB4A50448F39062E5DAE6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACF-607E-630B-00000000BB01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EACF-607E-630B-00000000BB01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.723{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACF-607E-630B-00000000BB01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.724{A7A01FEF-EACF-607E-630B-00000000BB01}1628C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x800000000000000062830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.207{A7A01FEF-EACF-607E-620B-00000000BB01}58046000C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.145{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10640983EA706113D464B0B15F497A11,SHA256=86268BE3BC77211E482ADB62F2493B7169E44945A263C9D11EBA3F26AF0039D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049186Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:03.673{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86ABA3A6017981265EDA5AC60A6428E9,SHA256=B18E07319070C4527943AAB1052B19BB3291458F17069FDCBDE36F9818251A66,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049185Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:01.031{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50517-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000062828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:01.551{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-21341-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:01.377{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49656-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000062826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EACF-607E-620B-00000000BB01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EACF-607E-620B-00000000BB01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.051{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EACF-607E-620B-00000000BB01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:03.052{A7A01FEF-EACF-607E-620B-00000000BB01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049189Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:04.892{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78F76B61B21070D859029F16C76A27FA,SHA256=CBC87F6471EA863695293B42108473F02C67787E847778C3315948EEB9D1BB53,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049188Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:02.826{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com61221-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:04.738{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F727FFEF36F0BDBF6CA857CC732B8DA7,SHA256=89A7B1B5269A5D0C044A5918032300F47D8DD9210952483F128ACF1B129B75C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:04.160{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F28882DC3A989706D699E306CA7E360,SHA256=6BBA8290BAA59071B7FA776F9EEEEF102E0522EBEA44C00FF26453194B3D4DE7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.773{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60341-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:02.741{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-22708-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049192Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:05.985{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76C89245DD52BB2A30CEF87DB150E77D,SHA256=11D5B642AA9F44FA06FBFEE0C5BA07E8C044A3C9AE0360E0FB20F4ECDF6D71D7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049191Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:03.657{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52466-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049190Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:03.392{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com51439-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000062853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EAD1-607E-640B-00000000BB01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EAD1-607E-640B-00000000BB01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.863{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EAD1-607E-640B-00000000BB01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.864{A7A01FEF-EAD1-607E-640B-00000000BB01}6784C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000062845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.192{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EA9CC3F07BD94DBB7BB56F7A95F5243,SHA256=560FE98D8696136F5E0FC5392673E393388A8D344EE83087E5D72B3CAD382862,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:06.285{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E19311BFEBC992061B00194B83A6C92B,SHA256=7E8516F3A6CF41D3F9D9AD3403F355887C7D74E9FF524F664D16275E82FBA008,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:06.223{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E988B11721E75DBD1D6A0A0DA3C92DC7,SHA256=E04800D5DD75C6EB796274B391630FAE3F9534C06EC71CF77399C1939FF45709,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:04.575{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-24075-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049195Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:04.780{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62414-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049194Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:04.220{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53497-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049193Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:06.375{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=81C7A71FB6AA9521E722B0C45EDE156F,SHA256=1DBC266F16B6E6E4DC8A5F9C6B857D3461824889C8E24110018D335163090619,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:07.254{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0268D7FEDBC544C550B58AD9143641D7,SHA256=CDEABBC6FA24D2EC11C34EDDA769A3EDA06E8CB5C40091B581FBFAEEBDCAEB2D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.217{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57436-false10.0.1.12-8000- 354300x800000000000000062857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:05.058{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-17238-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 13241300x800000000000000049207Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000049206Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00c6e1d1) 13241300x800000000000000049205Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ec-0x7dcccd1f) 13241300x800000000000000049204Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f4-0xdf91351f) 13241300x800000000000000049203Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0x41559d1f) 13241300x800000000000000049202Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000049201Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00c6e1d1) 13241300x800000000000000049200Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ec-0x7dcccd1f) 13241300x800000000000000049199Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f4-0xdf91351f) 13241300x800000000000000049198Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:07.625{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0x41559d1f) 23542300x800000000000000049197Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:07.453{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37A63CDD325ED898746203EB7464F5ED,SHA256=3C67CD21298F1419EBADF2687950B42E558E4B0CC9CD0938F01BA51032A4B9A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049196Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:07.000{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7E8CE42B617C5013EF4F1FC489FB775,SHA256=91FDAB47A5FAF762C854472159AFBD7C86D838C4793350A97B061C647FBCC1EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.692{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EDFD6DC7CCCF9295619BE94F861B8A91,SHA256=49AD85CB2DE2AEF7D9193E64C623AA0162394F10C762012728D609ED0DC83714,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.317{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72FE4A815AC22AC42B7EA78C869CB0B8,SHA256=3D7938469F7FC29E73857DAC9E4B5FBA55C9721E0A5530329589275EDEC6D5C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049210Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:08.703{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DE2C8286C327837A2393B36A531FDBDD,SHA256=E6F089541897E26F2840DA483BD6A074A0509D01AC45AD7D97DFEEB2BBC1EC74,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049209Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:06.164{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60924-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049208Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:08.016{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDFBE3D01F588CEBCE2FE5F71E414B35,SHA256=965B9E9D2EB3665FC7F5BD6701EF86F67167790017D688AE72BB10881726DC40,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.191{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.191{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.191{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.191{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2700-00000000BB01}2724C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:09.332{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A39C7081C6A630D9A65FB583C2385B15,SHA256=D824D8FDE0464C1C1EEC87731FC8CD69C777B98EAFA261BC46AC78808B6F7975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049211Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:09.032{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C03C3B903CF62C2A56D32C50588B578F,SHA256=4276E5780B21AFE9694081D277008FC370BB8FA1246E0B961EA5C5755030402A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:07.623{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50484-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.691{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1335FC5F76CB0D1380C938C196E1FCB6,SHA256=09642EB6A5E29FD74F039EEC2C8A32361C97A3FBB882F616B08F168FD7CAAE57,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.582{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.566{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.551{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.551{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.535{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.535{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.504{A7A01FEF-C0A6-607E-8105-00000000BB01}8361124C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\7-Zip\7-zip.dll+4f38|C:\Program Files\7-Zip\7-zip.dll+61c5|C:\Program Files\7-Zip\7-zip.dll+698e|C:\Program Files\7-Zip\7-zip.dll+6aa9|C:\Program Files\7-Zip\7-zip.dll+8771|C:\Windows\System32\SHELL32.dll+80287|C:\Windows\System32\SHELL32.dll+6718e|C:\Windows\System32\SHELL32.dll+17c79c|C:\Windows\System32\SHELL32.dll+19ea68|C:\Windows\System32\SHELL32.dll+2845a3|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+17ca40|C:\Windows\System32\SHELL32.dll+179ebe|C:\Windows\System32\SHELL32.dll+736e1|C:\Windows\System32\SHELL32.dll+765c6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026 154100x800000000000000062882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.509{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe19.007-Zip GUI7-ZipIgor Pavlov7zg.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Temp\" -an -ai#7zMap354:64:7zEvent16129C:\Windows\system32\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=04FB3AE7F05C8BC333125972BA907398,SHA256=2FB898BACB587F2484C9C4AA6DA2729079D93D1F923A017BB84BEEF87BF74FEF,IMPHASH=9CF6F80DD6DFE9900700C1E11C318B2A{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 13241300x800000000000000062881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000062880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00cdef9a) 13241300x800000000000000062879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ec-0x7f411579) 13241300x800000000000000062878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f4-0xe1057d79) 13241300x800000000000000062877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0x42c9e579) 13241300x800000000000000062876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x800000000000000062875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00cdef9a) 13241300x800000000000000062874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d735ec-0x7f411579) 13241300x800000000000000062873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d735f4-0xe1057d79) 13241300x800000000000000062872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:10.410{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d735fd-0x42c9e579) 23542300x800000000000000062871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.348{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A2C1E145BCB06BD90631111202BB230,SHA256=0D9C93CAF82655C976331687E868BA007ED9CFBDC0E39D4E58BF4438DEA70400,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049213Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:07.966{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65376-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049212Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:10.047{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=687C724DD9EE4FFB99A55011A969ADA1,SHA256=A183E1D332D2EFFB7CE5DD0167A75512C4731CCA2CF38E2324390A2D6F051F41,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.961{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com59735-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.904{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-25442-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:08.700{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-28176-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:11.973{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2A5A2647A1FD3439618A539EDC9C0A00,SHA256=97CC6FAADEAB4305472EFBD8DD861C3D19EDD8A3DC625611A7C69A919A9AE5CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:11.457{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C997C23F05D83D30EAE8D9159297D5A,SHA256=A1D107A7822F1CC6E0D9AF050B258F273DCC3B63C9E58AC34C0A0A1E9282FF10,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049219Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:09.672{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52467-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049218Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:09.556{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50490-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049217Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:09.349{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63892-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049216Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:09.052{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62258-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049215Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:11.453{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=78135C931E3E84B13DE56B5A4F4B0458,SHA256=7DC967FE8DDD2249729484EA799AF246EED65E522DA4CF1EC14376D33C850C59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049214Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:11.063{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E4FD6B6461B1C064D115BB6E7B7C5E7,SHA256=9DA46EA5564C717D0BF3E9229699F31AAE9E592D3DA05A1D90374A59D31C687F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:12.957{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:12.957{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:12.957{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAD6-607E-650B-00000000BB01}6596C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:12.473{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C01C521B47FDC3F91288C9AECAA7BE5E,SHA256=5046B894A1AABEDE1B18B0D2996BECC426E122F81D84536ECE9B0AE10E95794C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049221Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:10.627{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59437-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049220Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:12.094{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DC429275712A05F82CE6CE9715207BB,SHA256=6C8FE60DF669C4F8D00BB75BEA6F7ECA2161DDB946D6F353874C0DDA2E20B8B9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.264{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57437-false10.0.1.12-8000- 354300x800000000000000062908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:10.217{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-29543-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:13.488{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AA785628BB4176B7680E888CCEFAC52,SHA256=B0F974CCFEDCC1357BA26D59861F8DCF3442FE0AA7FA01CDFCC68CB092A5C845,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049225Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:13.750{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0806717627CE5B560E6B16DA806527D,SHA256=5072B1AFA7CBD65D67E49E457B6ED8FCE7D8FA905EA813C94BCB93B89F822984,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049224Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:11.682{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57978-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049223Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:11.112{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51977-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049222Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:13.141{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6843A873A33AA4D1ED95D469E8B5BD0,SHA256=437E529B10239EA8723BC6E522209ACA3AB90DD27F066F8B84BAE859D3E0BE2F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:11.898{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57664-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:14.520{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CCF33D52C9194224B8EC5210C9AC6E4,SHA256=B74EDC50B71DB11E2DC963231EEFCA68534FE9B51EFFB081A3BC6425D9CB88B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049226Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:14.157{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCE08EA30062EFBD1531D3F60954DBEA,SHA256=371DAB1A8337CC45D3E3E7FF0CC9A3AF30BD6DCC8E7119F75F9458A759922EB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:14.488{A7A01FEF-DF97-607E-4709-00000000BB01}6584ATTACKRANGE\AdministratorC:\Windows\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exeC:\Users\Administrator\AppData\Local\Microsoft_Corporation\PowerShell_ISE.exe_StrongName_lw2v2vm3wmtzzpebq33gybmeoxukb04w\3.0.0.0\AutoSaveInformation\6584.xml~RFcdff88.TMPMD5=CDC37ABBACDC5A35D39581DFA1E69C56,SHA256=FD0C987C4EA499B0EF3F04D736EF983ED8B5570A1B8575164A63E0D9F0953E2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.816{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-B622-607E-0100-00000000BB01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x800000000000000062918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.598{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BA6D63A049C80EC3EF8FC2BB06945FD,SHA256=1F3C5EF78EB0A510F8BC161E12EA2B6C59FFB37A5E10005B3B78F0BE032F20E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049227Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:15.172{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96AF0EE52197240F5E01C142CBCB523C,SHA256=1A3689FF5B5E031A4811F8FDF4344B91622EC8A9C6DECBEBFF54D0F683741C66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.613{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B92ADA4E7730179A68B1EEEE9780E9C,SHA256=3F0A25F4E4768F5B97BB9B53ABF77521A67C13FBD1BD5E9E295F2BD9FF5ED91B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049231Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:14.703{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52468-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049230Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:14.295{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54938-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049229Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:16.469{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0AA1FF8EF8D610189698F7B4BBADE20,SHA256=63A9D0D69FB943CFBFF3C80C122476C84227039C3BBEC981ECB29E340A54C183,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049228Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:16.204{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFC9C3E321C4E80EA66216302CDEBE48,SHA256=C7FCDA0112ACB148703EF0408B7FCA3CA46E58AF549AC4CFAFCDE61B82E51ECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.363{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7188BD35051937D751E0752F56616902,SHA256=9628F72E969AE1427FD646634B58FF6D806E66E793C2B42D4A538B823331736B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:14.677{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-30910-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:14.636{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33643-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:17.738{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A3EE763ED2F42577997869E0BFB9CBCF,SHA256=48BD9CE9B865BC2127FBAFA6AFD988ADAB9AC71CFD083813A1C7CAB8AC460640,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:17.676{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2B543B1C21D52E1B17B4AF1E4EAA4A4,SHA256=781110FC65007CBDD90FC8E00828538F6C64980EE603A985449FACE000DEEBBC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049234Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:15.909{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56421-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049233Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:15.699{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53460-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049232Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:17.219{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F7C0625251F1950B9319C32B403E5BB,SHA256=86C7FE3689F2D819DAEFB04AA2C097555178FB450ECBA2891A45D3FCA2475EF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.877{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57441-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000062930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.877{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57441-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000062929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.774{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-339.attackrange.local57440-false10.0.1.14win-dc-339.attackrange.local389ldap 354300x800000000000000062928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.774{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57440-false10.0.1.14win-dc-339.attackrange.local389ldap 354300x800000000000000062927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.767{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57439-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000062926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.767{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57439-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000062925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.634{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60397-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:15.295{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57438-false10.0.1.12-8000- 23542300x800000000000000062939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:18.691{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5A6604B9B55E3199ABCDDAC674C7131,SHA256=ABFD3C578393F9558EF62F5C03C066204EDDB5CC8106E33D56AB9C0731AE68B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049236Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:18.297{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44962CC9333AE655409C3BA6B5B510D2,SHA256=06E6AEB7002BCE33C8F721ADA53A8F6F422C3014DA3DF9B83ABB1F7CEE2ADE27,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.257{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-26809-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.103{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-32277-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.096{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-35009-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.096{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.255-138netbios-dgmfalse10.0.1.14win-dc-339.attackrange.local138netbios-dgm 354300x800000000000000062934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:16.096{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-339.attackrange.local138netbios-dgmfalse10.0.1.255-138netbios-dgm 23542300x800000000000000049235Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:18.079{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=18675413DDD968730FED3D7325894F7F,SHA256=AC141ED0E8DD7CA53E4C2CC5055EF2678EE188B5CA514E536067A5DE6CD276E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:19.707{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13C0D0C9068908AA82FA56B4D604463D,SHA256=39532FDDFB04B30B149ABBE58AE1B52C1A37623A8DD97783DC2A58E7B500C5C6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049239Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:17.841{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com57660-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049238Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:17.469{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57906-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049237Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:19.329{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFC88D1A1749832A1D55DDDF654DF2D1,SHA256=D6E9A64E816A6D61373F3B5A71D0F1B380BD42F0CC7891C4BFFDD62ECC7E18AF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:17.808{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55769-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:17.615{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-36375-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:20.754{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=589003B32158703C5DA95FF08E62F158,SHA256=DA57E455220B9B0716980F1B4B3892D8BE9EEB0B342F97129BAF1B1C751FBFC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:20.738{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=861C7B407590B173B9E0D9609C02808C,SHA256=C280CA6B197E7589FF2DE7A089BC3AED6065BEF858FA681193A2D3F1CFD4C3A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049241Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:20.454{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E3EC6E14D415566A6128F913346BB61,SHA256=47E6CCB223B9A42D072456FFF6B0E4245FD3F4FF55629CE04F428EC7453B7F59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049240Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:20.344{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56448821B2AFA7DD81221A87216D0742,SHA256=22899EE8B89C6D648C6444AB9CDB058DA70A052CB3880E93AC59E3FBCCFCDE6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:21.847{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=747AF8A5A1F336913F6FC386BA85465A,SHA256=06E206A3D33AE7ED2402B3DC208606E01A64371BC3ADC4668BA528247A553AF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:21.769{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7EC4EFAE9799B8F58F240B3CEB1CB17,SHA256=B1D88FCFE41A50A7CAEFDEC47F975A2BFF9D4AF613E9DA15A2A02BB906498ED3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049243Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:21.516{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F99A73121FA0D774EC5EDFEE0EFBB67B,SHA256=B4F384EDBFB8B43E7A5825BA8A4C28D6BBF53D41EC637D0D59C56EB794B7A0AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049242Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:21.360{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9774E84948A648E246D7B5141F7CFB36,SHA256=BC64A1201AF48B54D60A0C9B3140F5AF34ECCC6F3AC5FE7EC894C7F8E66DF7C5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:19.693{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50958-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:22.863{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=198B3527B1B6F94241C7034CFFA03FF4,SHA256=DD0313D0375A5F3F1000422015D272400CBA0F3B19DD1FAF01131A349ACF2EEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049246Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:22.375{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F238AA89249103BD0D44D21DF6F509E,SHA256=609D8C65724E5495BCAF384C1B431010EA95DCB3889849D4524A866801C82AED,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:21.107{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57442-false10.0.1.12-8000- 354300x800000000000000062949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:20.670{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-39107-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000062948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:22.347{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXEC:\Temp\OfficeSetup.exe2021-04-20 14:53:22.347 354300x800000000000000049245Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:19.735{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52469-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049244Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:19.094{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59397-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:23.879{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82EE1299654E0ED3B3C7A55B9168615D,SHA256=62581A860E4A5590A581885795933AF4A87420ED109B580F536E2C0A0647DA5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049248Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:23.657{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049247Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:23.391{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDDE84F55F0CD115D44D865844B346EF,SHA256=11C1F5C83A060E3E0396457323A23501D997D96BEC2400BBDE6D8D2A266DAC18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:23.863{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64A26F2B6B726FD41F2F8A37A3FAE06D,SHA256=7EC121B799CB90D4B3AADAD5D99040240E808DD615C75313DAD04594BFC9B450,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:22.134{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-40473-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:22.099{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-37741-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000062952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:23.410{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:24.894{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40A12471B64900D88C48132807020F46,SHA256=B0A9AACD6BF87C98B34BB9330A5FC44A37D1D975A8B255B03B3358A8876CC141,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049251Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:24.469{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=202D37F38C928493336C8C623088F4A8,SHA256=5D5442343E5F07B0E44FF16254CB091FB125A4596B524C488D2F7398A5070F24,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:23.559{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-41839-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049250Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:24.172{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=882E24EB534CB472AF29B2A82C4BED1F,SHA256=C938D33F49A8C6B6D102DFF597EEF7FCFAE165C5601DE96C102BDF0BAFFB469A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049249Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:21.287{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60878-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:25.910{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88F7BB7B5B4AD8B002A802EC326A84D8,SHA256=6200083C264C904F2D89AD2981CE1B34A5E957C5989DF20810B9F50B77692DA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049254Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:25.500{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC683828D90E775D23867495352B2574,SHA256=310DC12A3F5727BBDD1D96D35BD01FBEAD7CE2D776D0310845C8AB9D69CA07A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:25.363{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=B190CBDEB7CB9959F4E43418C70C8294,SHA256=1009A47A6CDDA6D9C9EE99A5AC211B290B2B6C65F6984DD8547D58BC00D89A6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049253Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:23.250{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52470-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000049252Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:22.813{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62369-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:26.941{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5D36BB6308A1BA40EDE3CBA89AC7364,SHA256=68BA7B322F459278328FCC88F57F086230BE4D40164C21DBAB7B9278E196CDA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049256Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:26.504{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=121ACED8DDAF14A82F7ED65936879D26,SHA256=208D33D286E2F512448197A5C8915C59A196A2AD3E9457ADC3E2DD78430B5DDD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:25.116{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58138-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049255Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:23.764{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55558-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:27.941{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B717C87BAEB5557067B26825CBAABF2,SHA256=80782584B609A5AE1D5CA337D0086E1076139A10D6BD66C7685F005CB4C75219,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049260Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:27.536{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7BCD6B066E3C822A3E6765F552DA4B44,SHA256=DE3E466D2CB50060C05D527BC4B10A5C1531D3C6C1A9F44DDE231AC12838564D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049259Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:27.536{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96FF2CE5C5D853BFF891479643CF1B2C,SHA256=FC9C9962C170EB1AFADD7F27A022FBB92762F118C5ED8692EA575C29B168E3D5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:26.656{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-44571-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:26.170{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57443-false10.0.1.12-8000- 354300x800000000000000062964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:26.161{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50677-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:27.207{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=19043B685985F3324C6BEABA1B77CADC,SHA256=06887B14F7BE5AE02676F41E1BAA45F537AC8CDFFA93FCEC16E3FBD78ED439A9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049258Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:24.844{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52471-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049257Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:24.499{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63850-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000062969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:28.988{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AFA2C767A148976A619BBF157BAD11F,SHA256=F6E40B97D4D6AFBB9A2AFDBE042B1353529E5B69955FF6CC8DB522A3E787F267,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049263Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:28.551{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0991F55132930E791095AF6E962C8ED,SHA256=F66B9B3E10BDB795B93FC40F03BCAF0278B7F11810752CAA56ADBB468892AA7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:28.441{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=22D297C74B0E26775484B637292D53D1,SHA256=525AA233B587D655CCB613BBD2E3F2B1AB4A1A67D42DC3D35A57E505B909814C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049262Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:25.955{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65325-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049261Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:25.950{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50919-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049265Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:29.582{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FD861E1CB72DA43FBC38ED35FF01182,SHA256=2A35ECE0922933E07B9D415902F51140CF4BA809C2E6D24E5C7162385BE384AB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:28.150{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-43205-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:29.629{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=92AB14AE9A1A6C0AF194ABB6F9424542,SHA256=4B9F27F59DF1559726AB02FA7779F338DA8C51BEA756910C6F73BBD5048FD452,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049264Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:29.192{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FF2D4A0C554A8F63EF6CCB65F00506B9,SHA256=B1CCE1125312B36E9D631671C0E58C60F798ED63AFC1ACF03E1E6C06760A581C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049266Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:30.645{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A14F639A11D46DFEB58BAC2596C121DF,SHA256=E10DC70A29BFB2CD82C2E2580EB28A53EFAEB38276447392EC0F39A830766EA4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:29.574{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-47304-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000062973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:29.239{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60972-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000062972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:30.004{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9EAE21B9323E03BF9D728D3EB00CCB4,SHA256=51FDEA2CB0F2F742B80C1E1C745A1F67DDEF35C6A635EB6FCC5F6AA0B87ED056,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049267Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:31.661{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C66D923C0F9839E14986050EBD5F54C3,SHA256=6289703E72D3C17606EE24D809CE2D5B47BBE6FBA38B725B413FAFFFDE49A716,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:31.222{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B98D71F32F6E1E0B9ED754142993B6CD,SHA256=DB24AD70422C4E060EBCA2C89B41EBD21060B3BAC77DF9551EE3311F9AFF4927,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000062975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:31.082{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97BB770AE70338C38F3D0B3C4FEF6A2D,SHA256=6E82BBB9DF85962697BA0359C640EF8B6297F44D6F0A5D214075AD6B4FF3136C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049271Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:32.801{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E76AAF60F3681B5B36B461D119DB91B0,SHA256=594E25AB56F320C3EB8D5008A427E2FA747052315E8E90EEF7B6A3EBA6199560,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049270Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:32.692{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAE86F04CB9AC8A94E5A319F6227BABD,SHA256=DC1B4D2D9B674DC36D11A6580DD32D068BFE2A6574069DD6B156D85362AD638A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.878{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.878{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000062987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDBSetValue2021-04-20 14:53:32.550{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\OfficeSetup.exeBinary Data 10341000x800000000000000062986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B626-607E-1300-00000000BB01}12641420C:\Windows\System32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B626-607E-1300-00000000BB01}12641420C:\Windows\System32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000062979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.550{A7A01FEF-C0A6-607E-8105-00000000BB01}836108C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e69f|C:\Windows\System32\windows.storage.dll+16e315|C:\Windows\System32\windows.storage.dll+16de06|C:\Windows\System32\windows.storage.dll+16f278|C:\Windows\System32\windows.storage.dll+16dc2e|C:\Windows\System32\windows.storage.dll+fd025|C:\Windows\System32\windows.storage.dll+fd3a4|C:\Windows\System32\windows.storage.dll+fc9e0|C:\Windows\System32\windows.storage.dll+16650e|C:\Windows\System32\windows.storage.dll+166202|C:\Windows\System32\SHELL32.dll+3f8cd|C:\Windows\System32\SHELL32.dll+3e466|C:\Windows\System32\SHELL32.dll+80201|C:\Windows\System32\SHELL32.dll+6718e|C:\Windows\System32\SHELL32.dll+18d18c|C:\Windows\System32\SHELL32.dll+18cee3|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000062978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.498{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe16.0.13801.20266Microsoft OfficeMicrosoft OfficeMicrosoft CorporationBootstrapper.exe"C:\Temp\OfficeSetup.exe" C:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=1B649814B0DBE3798D7426035C957FBD,SHA256=6469E1E2B57624EF62F5D36DFF93DFA0A50357B38350B565F395954A69327BB3,IMPHASH=6C556F7C64982E938EFD4571794DFE48{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x800000000000000062977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.113{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=652630B9571023FB8376C1FC827FCEC6,SHA256=E6970BB0C8AB68A96CBF5B47B64D2E99B10F01053F85BC535F4CC272B6309B47,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049269Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:30.553{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50425-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049268Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:29.848{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52472-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049273Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:33.708{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB0F87CCE112CBFCDD658F37C4AD86EF,SHA256=9881012120BB54217F73A583CC4D1D004D437D0DB62038F03FAAB6DD5BB036D2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049272Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:30.625{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53379-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000063029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.707{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAED-607E-680B-00000000BB01}5296C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.707{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAED-607E-680B-00000000BB01}5296C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.691{A7A01FEF-EAED-607E-680B-00000000BB01}52966772C:\Windows\system32\conhost.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.675{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EAED-607E-680B-00000000BB01}5296C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.675{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAED-607E-680B-00000000BB01}5296C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.628{A7A01FEF-EAEC-607E-660B-00000000BB01}68406800C:\Temp\OfficeSetup.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\System32\windows.storage.dll+124156(wow64)|C:\Windows\System32\windows.storage.dll+123e11(wow64)|C:\Windows\System32\windows.storage.dll+123ee3(wow64)|C:\Windows\System32\windows.storage.dll+124bb5(wow64)|C:\Windows\System32\windows.storage.dll+123a61(wow64)|C:\Windows\System32\windows.storage.dll+125db0(wow64)|C:\Windows\System32\windows.storage.dll+12602c(wow64)|C:\Windows\System32\windows.storage.dll+125915(wow64)|C:\Windows\System32\SHELL32.dll+1a8264(wow64)|C:\Windows\System32\SHELL32.dll+1a813e(wow64)|C:\Windows\System32\SHELL32.dll+1a7f39(wow64) 154100x800000000000000063018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.627{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile "$package = Get-AppxPackage Microsoft.Office.Desktop -allUsers; if (!$package) { $Error.Add(\"Package is not installed\")}; if ($error.Count -eq 0) { Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '1' -Encoding ascii; } else { Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '0' -Encoding ascii; Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateError.scratch' -InputObject $error -Encoding ascii;} "C:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=65D86C34814C02569E2AD53FD24E7F61,SHA256=8133502266008B77DE7921451E1210B0EF3F0ED2DB7D8D3EE0C3350D856FA6FA,IMPHASH=5E0145CEF36FA9BFBA7DE33AA683B8ED{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe"C:\Temp\OfficeSetup.exe" 10341000x800000000000000063017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.613{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.566{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=15D24D6FA665F6FE6218ED8D3E01B8C5,SHA256=725E9ED5CFDA9C234C8C2E4462A3017334C53A35FA7549C36137943D821033EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.566{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=7ED61960DD65A0AB02EA5433062597B8,SHA256=BB1828510EA110A758A4D94DA8C66434B14E659843D22A331FD337CF0D659C22,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.550{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.503{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.472{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.300{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2F862EE62AC4E3FE3C30F7B9C6B57929,SHA256=9DBABA15FBAD409C8B33821EF863C938387DA7F800F09A53C6DA0CD1ECD76326,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000062996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.222{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000062995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.222{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000062994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.129{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB96D2842ED4C900A4CAB13195C2FE9F,SHA256=6872575D8811775CC68B4465A171BA62BE3A46F4C22B2C448EB5E810ADC34891,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000062993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:31.279{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57444-false10.0.1.12-8000- 354300x800000000000000062992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:31.135{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-45937-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049277Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:34.723{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=096835B2AE33E219E1B23042B7DB1AF4,SHA256=A14022DB87123F42C02109572B8924108F75157DABD8C6B2E67F802CFB85B70E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.910{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.910{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.863{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.863{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x800000000000000063038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:53:34.785{A7A01FEF-EAED-607E-670B-00000000BB01}3712\PSHost.132634040136275934.3712.DefaultAppDomain.powershellC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 23542300x800000000000000063037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.769{A7A01FEF-EAED-607E-670B-00000000BB01}3712ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_vq1ni4af.r3x.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.769{A7A01FEF-EAED-607E-670B-00000000BB01}3712ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_cnnvyzmg.sf3.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.628{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=607FBB878AE0BCE24AEE5BB12AF4B468,SHA256=2469225F1E8BEBF95D6087B068DCE0D4A34EB464A7330185D358FA7813977701,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.519{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_cnnvyzmg.sf3.ps12021-04-20 14:53:34.519 10341000x800000000000000063033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.488{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.207{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CF0685FC2EDBFCEF10F70D3FA0FA4AE8,SHA256=5592B7797E0FE8D98615041721CED3E4DEDA8FF29A20893DE50FAB353ADF0CE1,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049276Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:32.241{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54850-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049275Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:32.098{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62426-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049274Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:32.038{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51901-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000063031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.596{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62691-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:32.494{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50044-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049279Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:35.725{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC667B345F21DBF773210C42256A29F2,SHA256=915787DD1AB210FA6AF72C5E363C6AD82180F84FB03815DE1C1544ADBA525C9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.972{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F0F9B7CF52354E4267EBF9E15FD197D0,SHA256=230809D4E247592ADA92A3353D2A467DF59AECFB80DE4FEDC9EDBEC733ACF84F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.941{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-6B0B-00000000BB01}1580C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.941{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-6B0B-00000000BB01}1580C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.941{A7A01FEF-EAEF-607E-6B0B-00000000BB01}1580944C:\Windows\system32\conhost.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.925{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EAEF-607E-6B0B-00000000BB01}1580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.925{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAEF-607E-6B0B-00000000BB01}1580C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-C0A3-607E-6C05-00000000BB01}36242592C:\Windows\system32\csrss.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-EAEC-607E-660B-00000000BB01}68406800C:\Temp\OfficeSetup.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Windows\System32\windows.storage.dll+124156(wow64)|C:\Windows\System32\windows.storage.dll+123e11(wow64)|C:\Windows\System32\windows.storage.dll+123ee3(wow64)|C:\Windows\System32\windows.storage.dll+124bb5(wow64)|C:\Windows\System32\windows.storage.dll+123a61(wow64)|C:\Windows\System32\windows.storage.dll+125db0(wow64)|C:\Windows\System32\windows.storage.dll+12602c(wow64)|C:\Windows\System32\windows.storage.dll+125915(wow64)|C:\Windows\System32\SHELL32.dll+1a8264(wow64)|C:\Windows\System32\SHELL32.dll+1a813e(wow64)|C:\Windows\System32\SHELL32.dll+1a7f39(wow64) 154100x800000000000000063068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.921{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile "$package = Get-AppxPackage Microsoft.Office.Desktop -allUsers; if (!$package) { $Error.Add(\"Package is not installed\")}; if ($error.Count -eq 0) { Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '1' -Encoding ascii; } else { Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratch' -InputObject '0' -Encoding ascii; Out-File -FilePath 'C:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateError.scratch' -InputObject $error -Encoding ascii;} "C:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=65D86C34814C02569E2AD53FD24E7F61,SHA256=8133502266008B77DE7921451E1210B0EF3F0ED2DB7D8D3EE0C3350D856FA6FA,IMPHASH=5E0145CEF36FA9BFBA7DE33AA683B8ED{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe"C:\Temp\OfficeSetup.exe" 10341000x800000000000000063067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratchMD5=21438EF4B9AD4FC266B6129A2F60DE29,SHA256=13BF7B3039C63BF5A50491FA3CFD8EB4E699D1BA1436315AEF9CBE5711530354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.910{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateError.scratchMD5=BD3457E50947D4280734E74B51B5B68D,SHA256=23D647979BC5DC186DE5BA3E00A222A912AB8E4782EB6407EFA70E29E95979F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.894{A7A01FEF-EAED-607E-670B-00000000BB01}3712ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.050{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48670-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.985{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51410-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 22542200x800000000000000063061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.620{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ecs.office.com0type: 5 ecs.office.trafficmanager.net;type: 5 s-0005-office.config.skype.com;type: 5 ecs-office.s-0005.s-msedge.net;type: 5 s-0005.s-msedge.net;::ffff:52.113.194.132;C:\Temp\OfficeSetup.exe 23542300x800000000000000063060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.566{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=71C8CCEF18B0AF1E49D6992323CAEC35,SHA256=BAB8A3E7F86427C5C2F7785EA99C978BB1A5ADA546E8A936E0D20BBCC92C896D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.472{A7A01FEF-B624-607E-0A00-00000000BB01}8525304C:\Windows\system32\services.exe{A7A01FEF-EAEF-607E-690B-00000000BB01}1188C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.472{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-690B-00000000BB01}1188C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EAEF-607E-690B-00000000BB01}1188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B624-607E-0A00-00000000BB01}8526268C:\Windows\system32\services.exe{A7A01FEF-EAEF-607E-690B-00000000BB01}1188C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.363{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.222{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A99CA294B52475957D99EDD65B00B299,SHA256=ADA2EF8BA56782BC07D03C7E6640F9E10D13EBFAC2F5DE8AAB63F89E0AA707B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049278Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:35.270{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F42EDF462BBDA5143E4628B3B319F397,SHA256=FFB655D07CBEFD38A8215F06680E92DB04239235EF58982716C3A55B87F63906,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.160{A7A01FEF-EAED-607E-670B-00000000BB01}3712ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_qpxfzawg.oyj.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.160{A7A01FEF-EAED-607E-670B-00000000BB01}3712ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_xfnenbg4.5em.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:35.144{A7A01FEF-EAED-607E-670B-00000000BB01}3712C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_xfnenbg4.5em.ps12021-04-20 14:53:35.144 354300x800000000000000063047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.655{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57446-false52.113.194.132-443https 354300x800000000000000063046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.653{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57445-false52.109.88.34-443https 354300x800000000000000063045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.617{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58167- 354300x800000000000000063044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.617{A7A01FEF-B626-607E-1400-00000000BB01}1276C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53036-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domain 354300x800000000000000063043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:33.320{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51836-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049280Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:36.728{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BA4807D437FD0000494AB9F1DF33417,SHA256=F6416CE5ED7798273B928C6F36C86161B89578B9C0621A7375070B1C8A6A6866,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.988{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT576D.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.988{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 10341000x800000000000000063137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.957{A7A01FEF-B626-607E-1100-00000000BB01}11766576C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000063136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.957{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+1794e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.957{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+1794e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.941{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x800000000000000063133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:34.904{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local56168- 10341000x800000000000000063132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.910{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96fe2|C:\Windows\system32\kerberos.DLL+794d4|C:\Windows\system32\kerberos.DLL+144c9|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x800000000000000063131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.894{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000063120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:36.878{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\BITS\Performance\PerfMMFileNameGlobal\MMF_BITS030287e2-819d-4485-9c3a-5d6f062ebf67 23542300x800000000000000063119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.816{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240NT AUTHORITY\NETWORK SERVICEC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\INF\disk.PNFMD5=4EFFFA1A69CC68965A020830F5849EB6,SHA256=B483BF142AF92CA4090161655EEB82EBFAE5BD835896B15A5680CD0824CC2C46,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.800{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.800{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000063116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.785{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wmiutils.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwmiutils.dllMD5=5179B0DEF3AB5CAC3BA02316AF1B6B40,SHA256=FA4112CB0D1A133C41FD001F958F0BE930BB49072BF97A3D765AEA8DB841ABC4,IMPHASH=EE3767E8CDC80CCB91A8FC0A7407A4A9trueMicrosoft WindowsValid 10341000x800000000000000063115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.785{A7A01FEF-B626-607E-1600-00000000BB01}15401316C:\Windows\system32\svchost.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000063114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.785{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFF,IMPHASH=200200BEAF933FA4627BF83C67BA473EtrueMicrosoft WindowsValid 734700x800000000000000063113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.769{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3,IMPHASH=96416B54C1F2E15EF294753DF1CB4131trueMicrosoft WindowsValid 10341000x800000000000000063112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.769{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000063111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.769{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3,IMPHASH=481A52B415277FC8692C7D6D9EA3475CtrueMicrosoft WindowsValid 734700x800000000000000063110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.753{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\System32\wbem\WmiPrvSE.exeC:\Windows\System32\wbemcomn.dll10.0.14393.4283 (rs1_release.210303-1802)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=EF7A4C64E4A6F52AEAF20828033ADFF8,SHA256=7108BBAE5B91ED6784BD32547F7BD9DEAD392E47ACAB29DC057AEF7CFB746F3C,IMPHASH=3775C2F7CD09C385EEDA8CBB7894E3E3trueMicrosoft WindowsValid 10341000x800000000000000063109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.753{A7A01FEF-B624-607E-0500-00000000BB01}644760C:\Windows\system32\csrss.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.753{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF0-607E-6C0B-00000000BB01}6240C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+35069|c:\windows\system32\rpcss.dll+3a852|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 734700x800000000000000063107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Windows\SysWOW64\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=FBA861EF9AE6F64CA375EEA558D3149B,SHA256=E7DA765AF081635A814E769967702B4711FC64E785EBA9757FFF4590B5C65A4B,IMPHASH=BEC4D2DC6E5428E09C45B14235429DCFtrueMicrosoft WindowsValid 10341000x800000000000000063106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db-journalMD5=471A9689DC6A298550965FCDC5F22EDE,SHA256=0624508199EAC18C359980F92F47CB87AE0AECCEA31EE4281DEA4F52438A5B5C,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000063102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.722{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Windows\SysWOW64\wbem\wbemsvc.dll10.0.14393.0 (rs1_release.160715-1616)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=75B865AD79ECEA39F566F4EE82B8EC07,SHA256=2C87DCCB0754D5B3A6C27D56E5F2093F987B91607A30F8B80EBCF055E43A47D5,IMPHASH=C49BA5C02FD2B43AF8015BD8DB280C09trueMicrosoft WindowsValid 23542300x800000000000000063101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.738{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officesetup.exe.db-journalMD5=ECDA08ED7D284C5BFAF477467028349E,SHA256=86AA5C15722E9D6EFA8D1568599C709273E93EAB447CB0A1D3D0D59F9B326E99,IMPHASH=00000000000000000000000000000000falsetrue 734700x800000000000000063100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.691{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Windows\SysWOW64\wbemcomn.dll10.0.14393.4283 (rs1_release.210303-1802)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=9B0376830594C27EC739B58531DE2A8F,SHA256=642185F9376946DF0739882DF0063FCE5360FD5B442F65171E69131B306D94D6,IMPHASH=8A8A7EED1F0389DACE5792A5A9D900D5trueMicrosoft WindowsValid 734700x800000000000000063099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.691{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Windows\SysWOW64\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=F14B95C2CD2AC79A48069C95C724EF55,SHA256=9EF2E84DFC50B37D790FA46ABB71AB540D1860B38C8778C092233683FCBDF366,IMPHASH=C93E7CA22B07D6A204D0EDA95C47798DtrueMicrosoft WindowsValid 23542300x800000000000000063098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.628{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateResult.scratchMD5=21438EF4B9AD4FC266B6129A2F60DE29,SHA256=13BF7B3039C63BF5A50491FA3CFD8EB4E699D1BA1436315AEF9CBE5711530354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.628{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\Office.ValidateError.scratchMD5=BD3457E50947D4280734E74B51B5B68D,SHA256=23D647979BC5DC186DE5BA3E00A222A912AB8E4782EB6407EFA70E29E95979F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.613{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=A21AA3BE7CB682FD1075E24D15BA6789,SHA256=271F9057DFE0295E298F0916F9096C00B27485C25403C2253F39D146BDD28AEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.613{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=FF1AFB7D91809AC5864A9C170AC535BB,SHA256=645A4A66AE7AE7C30414CDE04BF969B2873383F8EE7A9AAF39325B96F3CFDC6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.613{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=15D24D6FA665F6FE6218ED8D3E01B8C5,SHA256=725E9ED5CFDA9C234C8C2E4462A3017334C53A35FA7549C36137943D821033EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.316{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_tp01ukwp.33x.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.316{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_uufuu0km.ir0.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.300{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_uufuu0km.ir0.ps12021-04-20 14:53:36.300 23542300x800000000000000063090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.253{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB8B78ABD4CDA26A529D863974BA2338,SHA256=22C93BBD6EDEF23BAACBDF751D8FD7906277A0B0949F2DD917F533E91A45C4A6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.113{A7A01FEF-B626-607E-1600-00000000BB01}15402060C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.113{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.066{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.066{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x800000000000000063085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-CreatePipe2021-04-20 14:53:36.050{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924\PSHost.132634040159211392.4924.DefaultAppDomain.powershellC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 23542300x800000000000000063084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.035{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_gb2jqtdr.xmc.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.035{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924ATTACKRANGE\AdministratorC:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_5kpzbsig.0qy.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.019{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_5kpzbsig.0qy.ps12021-04-20 14:53:36.019 10341000x800000000000000063081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.003{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAEF-607E-6A0B-00000000BB01}4924C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049283Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:37.760{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3BFB273F7FF20FE15D16B01B63E019B,SHA256=49139C7DBC027E0851B6703C42E2C4E10F889B65EDAD11EDFC64585F166A0B1B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.988{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVOrchestration.dll2021-04-20 14:53:37.988 11241100x800000000000000063208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.972{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVManifest.dll2021-04-20 14:53:37.972 11241100x800000000000000063207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.972{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVIsvVirtualization.dll2021-04-20 14:53:37.972 354300x800000000000000063206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.007{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57452-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local47001- 354300x800000000000000063205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.007{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57452-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local47001- 354300x800000000000000063204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.979{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57451-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local47001- 354300x800000000000000063203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.979{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57451-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local47001- 354300x800000000000000063202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.915{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57450-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.908{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58949- 354300x800000000000000063200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.904{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57449-false104.76.200.56a104-76-200-56.deploy.static.akamaitechnologies.com80http 354300x800000000000000063199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.902{A7A01FEF-B626-607E-1400-00000000BB01}1276C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse127.0.0.1-53580-false127.0.0.1-53domain 354300x800000000000000063198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.887{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-53580- 354300x800000000000000063197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.887{A7A01FEF-B626-607E-1400-00000000BB01}1276C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue7f00:1:0:0:98c0:ff87:dce:ffff-53580-true7f00:1:0:0:0:0:0:0-53domain 354300x800000000000000063196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.866{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53580- 354300x800000000000000063195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.825{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57448-false52.109.88.44-443https 354300x800000000000000063194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.810{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58049- 354300x800000000000000063193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.294{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57447-false10.0.1.12-8000- 11241100x800000000000000063192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.956{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppvIsvSubsystems64.dll2021-04-20 14:53:37.956 11241100x800000000000000063191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.941{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppvIsvSubsystems32.dll2021-04-20 14:53:37.941 11241100x800000000000000063190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.925{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVIsvSubsystemController.dll2021-04-20 14:53:37.925 11241100x800000000000000063189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.925{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVIsvStreamingManager.dll2021-04-20 14:53:37.925 11241100x800000000000000063188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.925{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVIsvApi.dll2021-04-20 14:53:37.925 11241100x800000000000000063187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.910{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVIntegration.dll2021-04-20 14:53:37.910 11241100x800000000000000063186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.910{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVFileSystemMetadata.dll2021-04-20 14:53:37.910 23542300x800000000000000063185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.894{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=D31889F2454F5E41D2C322AC3B4DB7ED,SHA256=78073F84E939135E8230D5338463666AD04463D46A4080D495C219F732161A20,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:37.894{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\appvcleaner.exe2021-04-20 14:53:37.894 11241100x800000000000000063183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVCatalog.dll2021-04-20 14:53:37.878 11241100x800000000000000063182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\ApiClient.dll2021-04-20 14:53:37.878 11241100x800000000000000063181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.878{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:53:37.878 11241100x800000000000000063168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:53:37.863 11241100x800000000000000063162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:53:37.863 11241100x800000000000000063160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.863{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:53:37.863 23542300x800000000000000063159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.753{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=56A96D591683241936B340410D85CD11,SHA256=7C62B90B744683D605272470006CCDF0E2EF2FB8BF86498FA6A82B991A19A5EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.347{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2R77F5D1E0-A108-4C42-A14F-FA28C38EE8C1\BIT58A9.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.316{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2R77F5D1E0-A108-4C42-A14F-FA28C38EE8C1\BIT58A9.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.300{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.300{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\i640CheckReachable35EB7E13-4C01-4843-8742-322E02464FEFMD5=69691C7BDCC3CE6D5D8A1361F22D04AC,SHA256=08F271887CE94707DA822D5263BAE19D5519CB3614E0DAEDC4C7CE5DAB7473F1,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x4d 23542300x800000000000000063154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.300{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT5879.tmpMD5=93B885ADFE0DA089CDF634904FD59F71,SHA256=6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.300{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT5879.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.285{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA7E22275F9F4EF2FE7E6322CD9896DC,SHA256=DA27225671648B215C6297B0F0DF9C66BB672432D940FD6611CBC3203A94176C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049282Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:37.415{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A36368DE5B8253EF5D21A2D9FB4F8F02,SHA256=F8E9D5642DDA5FFE4B7B7AA4171F7DDA4B82C2790E5C656CC24F4B705FF3E5EF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049281Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:35.460{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57806-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000063151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.269{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT5879.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.253{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.238{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2RB2F07119-9254-435F-858F-4EBA7FB218F4\VersionDescriptor.xmlMD5=FCC5919E96990AEFD85C0A811FDC8874,SHA256=FE3517F4F19E4341F627AD914C4A5A329E228CD460883E426AA338D4A08C23E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.238{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2RB2F07119-9254-435F-858F-4EBA7FB218F4\v64_16.0.13127.21348.cabMD5=A7367A698F0B945925048DAEEC5D2FBD,SHA256=EC50959B440B75F9DD514D508EF56BFFAB9972468DD1E7D860F87F09BE08279A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.238{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2RB2F07119-9254-435F-858F-4EBA7FB218F4\v64.hashMD5=B5EBCE52855C958C3832EEA5476B4ACC,SHA256=799F789F2E7C7D4828797C29834644B928C849163C8F34E817836C5B3E956998,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.097{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40CB9923A74843B198C96DD31218761E,SHA256=ACE1E344BF6E6703A450FE1EFAAAAC2BA97D9D44EF2A03C2B2421E7BBB7FAA1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.097{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2RB2F07119-9254-435F-858F-4EBA7FB218F4\BIT57BD.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.066{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2RB2F07119-9254-435F-858F-4EBA7FB218F4\BIT57BD.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.050{A7A01FEF-B626-607E-1600-00000000BB01}15406976C:\Windows\system32\svchost.exe{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\v64_16.0.13127.21348CheckReachable2842872C-C141-4B16-A1F1-7817FA6004F8MD5=69691C7BDCC3CE6D5D8A1361F22D04AC,SHA256=08F271887CE94707DA822D5263BAE19D5519CB3614E0DAEDC4C7CE5DAB7473F1,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x4d 23542300x800000000000000063141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.050{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT576D.tmpMD5=93B885ADFE0DA089CDF634904FD59F71,SHA256=6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.050{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Users\ADMINI~1\AppData\Local\Temp\BIT576D.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049287Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:38.791{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22F21477301AEB40CF1F44FCF64530A9,SHA256=0D02C39807900E3E175E9F9F690607871B4F8B09DAEE5C82172F6CEFD2F7C641,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:38.972{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\OfficeC2R77F5D1E0-A108-4C42-A14F-FA28C38EE8C1\i640.cabMD5=4811EE2B807068A9D4B8A46E1A81040B,SHA256=85387B43B7D3E3A442E6A9145CFDDBD1D5AF6CB320C3BA2F85AC2E4FBAC5A93C,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000063282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:36.914{A7A01FEF-EAEC-607E-660B-00000000BB01}6840officecdn.microsoft.com.edgesuite.net0type: 5 officecdn.microsoft.com.edgesuite.net.globalredir.akadns.net;type: 5 a1737.dspw65.akamai.net;::ffff:2.16.106.224;::ffff:2.16.106.194;C:\Temp\OfficeSetup.exe 11241100x800000000000000063281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.581{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\vcruntime140_1.dll2021-04-20 14:53:38.581 11241100x800000000000000063280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.581{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\vcruntime140.dll2021-04-20 14:53:38.581 11241100x800000000000000063279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.581{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\vccorlib140.dll2021-04-20 14:53:38.581 11241100x800000000000000063278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.566{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\ucrtbase.dll2021-04-20 14:53:38.566 23542300x800000000000000063277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:38.566{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9CEE0A3B8FAEDE0BB5684C03A026003,SHA256=AB639FC53988A72F9928A400A47CBEEC47D100FECD1EABF90B4253EF6EE32144,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.550{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\StreamServer.dll2021-04-20 14:53:38.550 11241100x800000000000000063275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.519{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\RepoMan.dll2021-04-20 14:53:38.519 11241100x800000000000000063274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.503{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\policy.dll2021-04-20 14:53:38.503 11241100x800000000000000063273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.503{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\offreg.dll2021-04-20 14:53:38.503 11241100x800000000000000063272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.472{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\officesvcmgr.exe2021-04-20 14:53:38.472 11241100x800000000000000063271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.457{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\officeinventory.dll2021-04-20 14:53:38.457 11241100x800000000000000063270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.394{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\OfficeClickToRun.exe2021-04-20 14:53:38.394 11241100x800000000000000063269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.378{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\OfficeC2RCom.dll2021-04-20 14:53:38.378 23542300x800000000000000049286Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:38.604{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2333FA80F6BA3FEAB6E1DAB4F3DFF9C0,SHA256=A0EF752AA5D9A741EAB19C8F6FD7787C31C94CB05FBBF1F0C621ABC8950FA1DA,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049285Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:35.925{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53678-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049284Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:35.745{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52473-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000063268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:38.269{A7A01FEF-EAEC-607E-660B-00000000BB01}6840ATTACKRANGE\AdministratorC:\Temp\OfficeSetup.exeC:\Users\ADMINI~1\AppData\Local\Temp\WIN-DC-339-20210420-1453.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.238{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\OfficeC2RClient.exe2021-04-20 14:53:38.238 11241100x800000000000000063266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.222{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\msvcr120.dll2021-04-20 14:53:38.222 11241100x800000000000000063265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.222{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\msvcp140.dll2021-04-20 14:53:38.222 11241100x800000000000000063264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.206{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\msvcp120.dll2021-04-20 14:53:38.206 11241100x800000000000000063263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.206{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\msix.dll2021-04-20 14:53:38.206 11241100x800000000000000063262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.206{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\MavInject32.exe2021-04-20 14:53:38.191 11241100x800000000000000063261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.191{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\manageability.dll2021-04-20 14:53:38.191 11241100x800000000000000063260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.144{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\inventory.dll2021-04-20 14:53:38.144 11241100x800000000000000063259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.113{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\IntegratedOffice.exe2021-04-20 14:53:38.113 11241100x800000000000000063258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.113{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\InspectorOfficeGadget.exe2021-04-20 14:53:38.113 11241100x800000000000000063257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.097{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\cpprestsdk.dll2021-04-20 14:53:38.097 11241100x800000000000000063256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.097{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\concrt140.dll2021-04-20 14:53:38.097 11241100x800000000000000063255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RUI.dll2021-04-20 14:53:38.066 11241100x800000000000000063254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.zh-tw.dll2021-04-20 14:53:38.066 11241100x800000000000000063253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.zh-cn.dll2021-04-20 14:53:38.066 11241100x800000000000000063252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.vi-vn.dll2021-04-20 14:53:38.066 11241100x800000000000000063251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.uk-ua.dll2021-04-20 14:53:38.066 11241100x800000000000000063250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.tr-tr.dll2021-04-20 14:53:38.066 11241100x800000000000000063249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.th-th.dll2021-04-20 14:53:38.066 11241100x800000000000000063248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.sv-se.dll2021-04-20 14:53:38.066 11241100x800000000000000063247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.sr-latn-rs.dll2021-04-20 14:53:38.066 11241100x800000000000000063246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.sl-si.dll2021-04-20 14:53:38.066 11241100x800000000000000063245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.sk-sk.dll2021-04-20 14:53:38.066 11241100x800000000000000063244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ru-ru.dll2021-04-20 14:53:38.066 11241100x800000000000000063243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ro-ro.dll2021-04-20 14:53:38.066 11241100x800000000000000063242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.pt-pt.dll2021-04-20 14:53:38.066 11241100x800000000000000063241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.066{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.pt-br.dll2021-04-20 14:53:38.050 11241100x800000000000000063240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.pl-pl.dll2021-04-20 14:53:38.050 11241100x800000000000000063239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.nl-nl.dll2021-04-20 14:53:38.050 11241100x800000000000000063238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.nb-no.dll2021-04-20 14:53:38.050 11241100x800000000000000063237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ms-my.dll2021-04-20 14:53:38.050 11241100x800000000000000063236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.lv-lv.dll2021-04-20 14:53:38.050 11241100x800000000000000063235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.lt-lt.dll2021-04-20 14:53:38.050 11241100x800000000000000063234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ko-kr.dll2021-04-20 14:53:38.050 11241100x800000000000000063233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.kk-kz.dll2021-04-20 14:53:38.050 11241100x800000000000000063232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ja-jp.dll2021-04-20 14:53:38.050 11241100x800000000000000063231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.it-it.dll2021-04-20 14:53:38.050 11241100x800000000000000063230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.id-id.dll2021-04-20 14:53:38.050 11241100x800000000000000063229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.hu-hu.dll2021-04-20 14:53:38.050 11241100x800000000000000063228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.hr-hr.dll2021-04-20 14:53:38.050 11241100x800000000000000063227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.hi-in.dll2021-04-20 14:53:38.050 11241100x800000000000000063226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.he-il.dll2021-04-20 14:53:38.050 11241100x800000000000000063225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.fr-fr.dll2021-04-20 14:53:38.050 11241100x800000000000000063224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.fi-fi.dll2021-04-20 14:53:38.050 11241100x800000000000000063223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.et-ee.dll2021-04-20 14:53:38.050 11241100x800000000000000063222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.050{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.es-es.dll2021-04-20 14:53:38.035 11241100x800000000000000063221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.en-us.dll2021-04-20 14:53:38.035 11241100x800000000000000063220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.el-gr.dll2021-04-20 14:53:38.035 11241100x800000000000000063219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.de-de.dll2021-04-20 14:53:38.035 11241100x800000000000000063218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.da-dk.dll2021-04-20 14:53:38.035 11241100x800000000000000063217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.cs-cz.dll2021-04-20 14:53:38.035 11241100x800000000000000063216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.bg-bg.dll2021-04-20 14:53:38.035 11241100x800000000000000063215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.035{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2RINTL.ar-sa.dll2021-04-20 14:53:38.035 11241100x800000000000000063214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.019{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2R64.dll2021-04-20 14:53:38.019 11241100x800000000000000063213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.003{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\C2R32.dll2021-04-20 14:53:38.003 11241100x800000000000000063212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:38.003{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVShNotify.exe2021-04-20 14:53:38.003 11241100x800000000000000063211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:38.003{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVScripting.dll2021-04-20 14:53:38.003 11241100x800000000000000063210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:37.988{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeC:\Program Files\Common Files\microsoft shared\ClickToRunOfficeC2RF4A54F4A-E39B-4B57-8B89-B586843FF1D0\AppVPolicy.dll2021-04-20 14:53:37.988 23542300x800000000000000049291Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:39.807{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C5D2070FAB7DEB34D7FD5C275B7F5C5,SHA256=4B46887F523A80304DB61B7DFF2236A7669A7A2D7052E3674F8261BCCE273DF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.894{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\OfficeC2R49DF76BF-A14D-44CB-9027-1A8929C06524\BIT629E.tmpMD5=B3272B2896BB5840F3C42189D8CE2575,SHA256=6B5C9DA2C3BE2B52DB31822E1467BD5A8317FF4C52C6DD97B0A79EE6BA7C0C84,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.894{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\OfficeC2R49DF76BF-A14D-44CB-9027-1A8929C06524\BIT629E.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.847{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\OfficeC2R49DF76BF-A14D-44CB-9027-1A8929C06524\BIT629E.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.847{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\Temp\s641033CheckReachable09D9135F-5C8D-4BA0-810C-3CF8327D0E5CMD5=69691C7BDCC3CE6D5D8A1361F22D04AC,SHA256=08F271887CE94707DA822D5263BAE19D5519CB3614E0DAEDC4C7CE5DAB7473F1,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x4d 23542300x800000000000000063344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.847{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT624F.tmpMD5=93B885ADFE0DA089CDF634904FD59F71,SHA256=6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.816{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT624F.tmpMD5=93B885ADFE0DA089CDF634904FD59F71,SHA256=6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.816{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT624F.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000063341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.073{A7A01FEF-B626-607E-1600-00000000BB01}1540officecdn.microsoft.com.edgesuite.net0type: 5 officecdn.microsoft.com.edgesuite.net.globalredir.akadns.net;type: 5 a1737.dspw65.akamai.net;::ffff:2.16.106.224;::ffff:2.16.106.194;C:\Windows\System32\svchost.exe 23542300x800000000000000063340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.769{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT624F.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.769{A7A01FEF-B626-607E-1600-00000000BB01}15404372C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.706{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=238C0FFE5D67FB55FDD4AF906CB8BF60,SHA256=D7F8EFCAE4D98E021AC834B52D98A83962F9D736D12C95696F002256CECEA5A7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:39.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe2021-04-20 14:53:39.675 11241100x800000000000000063336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:39.660{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe2021-04-20 14:53:39.660 10341000x800000000000000063335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.503{A7A01FEF-B624-607E-0A00-00000000BB01}8526268C:\Windows\system32\services.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.488{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.488{A7A01FEF-B624-607E-0B00-00000000BB01}860908C:\Windows\system32\lsass.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.488{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.425{A7A01FEF-B624-607E-0A00-00000000BB01}8524336C:\Windows\system32\services.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\services.exe+3332|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.426{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe16.0.13127.21210Microsoft Office Click-to-Run (SxS)Microsoft OfficeMicrosoft CorporationOfficeClickToRun.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /serviceC:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=109DDC7C83BC3AEB49A647A89BD6362A,SHA256=A6F2C3A6E01E6859D00DAC8344560F840EB0AE385CF38FA88E4B91F762317643,IMPHASH=AFC358F4704431026A38B639D4132AC6{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\System32\services.exeC:\Windows\system32\services.exe 23542300x800000000000000049290Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:39.635{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FFCC3BDB2CF5591A5B72574CE965A9DB,SHA256=6F67220B40FBFAC34E34D20F655DC1672BC881CEEC95F8E7A43483E260E0200D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049289Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:37.027{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59288-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049288Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:36.909{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56329-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 13241300x800000000000000063324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\Security\SecurityBinary Data 13241300x800000000000000063323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\FailureActionsBinary Data 13241300x800000000000000063322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\Description‪Manages resource coordination, background streaming, and system integration of Microsoft Office products and their related updates. This service is required to run during the use of any Microsoft Office program, during initial streaming installation and all subsequent updates.‬ 13241300x800000000000000063321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\ObjectNameLocalSystem 13241300x800000000000000063320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\DisplayNameMicrosoft Office Click-to-Run Service 13241300x800000000000000063319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1031,T1050SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\ImagePath"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service 13241300x800000000000000063318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\ErrorControlDWORD (0x00000001) 13241300x800000000000000063317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localT1031,T1050SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\StartDWORD (0x00000002) 13241300x800000000000000063316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:53:39.410{A7A01FEF-B624-607E-0A00-00000000BB01}852C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ClickToRunSvc\TypeDWORD (0x00000010) 10341000x800000000000000063315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.410{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.410{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44843096C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+2ccaf5|C:\Windows\System32\SHELL32.dll+1fccdd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+15678c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+1572de|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+155bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44843096C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+2ccabf|C:\Windows\System32\SHELL32.dll+1fccdd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+15678c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+1572de|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+155bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44843096C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+2cca45|C:\Windows\System32\SHELL32.dll+1fccb0|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+15678c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+1572de|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+155bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44843096C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+2cca32|C:\Windows\System32\SHELL32.dll+1fccb0|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+15678c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+1572de|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+155bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-EAF3-607E-6D0B-00000000BB01}44843096C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+2cca32|C:\Windows\System32\SHELL32.dll+1fccb0|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+15678c|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+1572de|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2RUI.dll+155bef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365900C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+5cf54|C:\Windows\Explorer.EXE+5c591|C:\Windows\Explorer.EXE+5a5a3|C:\Windows\Explorer.EXE+5983c|C:\Windows\Explorer.EXE+56de3|C:\Windows\Explorer.EXE+4bb4d|C:\Windows\Explorer.EXE+49f72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710C0E49F)|UNKNOWN(FFFFF40710BB4C42)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e 10341000x800000000000000063303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365900C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+5cf54|C:\Windows\Explorer.EXE+5c591|C:\Windows\Explorer.EXE+5a5a3|C:\Windows\Explorer.EXE+5983c|C:\Windows\Explorer.EXE+56de3|C:\Windows\Explorer.EXE+4bb4d|C:\Windows\Explorer.EXE+49f72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710C0E49F)|UNKNOWN(FFFFF40710BB4C42)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\Explorer.EXE+51aca 10341000x800000000000000063302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.394{A7A01FEF-C0A6-607E-8105-00000000BB01}8365900C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+5cf54|C:\Windows\Explorer.EXE+5c591|C:\Windows\Explorer.EXE+5a5a3|C:\Windows\Explorer.EXE+5983c|C:\Windows\Explorer.EXE+56de3|C:\Windows\Explorer.EXE+4bb4d|C:\Windows\Explorer.EXE+49f72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802548EC8C8)|UNKNOWN(FFFFF40710C0E49F)|UNKNOWN(FFFFF40710BB4C42)|UNKNOWN(FFFFF40710BAF241)|UNKNOWN(FFFFF40710BB0C0A)|UNKNOWN(FFFFF40710BAEEC6)|UNKNOWN(FFFFF80254603E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e 10341000x800000000000000063301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.285{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.238{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=673368061A374B558959BFFCB318E6F0,SHA256=E8C590A34A2C1AD8855F61A82C5A52056E18863F14398218D52FCE8910230C6D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.175{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.175{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.175{A7A01FEF-B626-607E-1600-00000000BB01}15404372C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.175{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.128{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-C0A3-607E-6C05-00000000BB01}36244292C:\Windows\system32\csrss.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.081{A7A01FEF-EAEC-607E-660B-00000000BB01}68406800C:\Temp\OfficeSetup.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\wow64.dll+10c0b|C:\Windows\System32\wow64.dll+10499|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+92e47|C:\Windows\SYSTEM32\ntdll.dll+78135|C:\Windows\SYSTEM32\ntdll.dll+77f9e|C:\Windows\SYSTEM32\ntdll.dll+6f66c(wow64)|C:\Windows\System32\KERNELBASE.dll+d9148(wow64)|C:\Windows\System32\KERNELBASE.dll+d7e2c(wow64)|C:\Temp\OfficeSetup.exe+162225|C:\Temp\OfficeSetup.exe+162311|C:\Temp\OfficeSetup.exe+162ac2|C:\Temp\OfficeSetup.exe+13640|C:\Temp\OfficeSetup.exe+1324c|C:\Temp\OfficeSetup.exe+137e5|C:\Temp\OfficeSetup.exe+339a1|C:\Temp\OfficeSetup.exe+27f2a|C:\Temp\OfficeSetup.exe+2a554|C:\Temp\OfficeSetup.exe+2a519|C:\Temp\OfficeSetup.exe+2a5f0 154100x800000000000000063288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.016{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe16.0.13127.21210Microsoft Office Click-to-Run (SxS)Microsoft OfficeMicrosoft CorporationOfficeClickToRun.exeOfficeClickToRun.exe platform=x64 culture=en-us productstoadd=O365ProPlusRetail.16_en-us_x-none cdnbaseurl.16=http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114 baseurl.16=http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114 version.16=16.0.13127.21348 mediatype.16=CDN sourcetype.16=CDN O365ProPlusRetail.excludedapps.16=groove bitnessmigration=False deliverymechanism=7ffbc6bf-bc32-4f92-8982-f9dd17fd3114 flt.useoutlookshareaddon=unknown flt.useofficehelperaddon=unknownC:\Temp\ATTACKRANGE\Administrator{A7A01FEF-C0A5-607E-58C6-320000000000}0x32c6582HighMD5=109DDC7C83BC3AEB49A647A89BD6362A,SHA256=A6F2C3A6E01E6859D00DAC8344560F840EB0AE385CF38FA88E4B91F762317643,IMPHASH=AFC358F4704431026A38B639D4132AC6{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exe"C:\Temp\OfficeSetup.exe" 354300x800000000000000063287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.157{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55146-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.074{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57454-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.071{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57453-false104.76.200.56a104-76-200-56.deploy.static.akamaitechnologies.com80http 10341000x800000000000000063284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.003{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049292Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:40.823{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A8FA49EF06863E8B00E57FA55FC21A1,SHA256=52FF74ECE0AA2CAF9F38422A49478F4F8FFB9213E09F11169F8E2AD327A9ABC5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.847{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AA439F8F91427BEDA686DC6C43B057F,SHA256=AEB204B359B3DFC1BA9254C20F1EC4EFD5A9B7855DC32297618977644C5507D4,IMPHASH=00000000000000000000000000000000falsetrue 22542200x800000000000000063368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.822{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092officecdn.microsoft.com.edgesuite.net0type: 5 officecdn.microsoft.com.edgesuite.net.globalredir.akadns.net;type: 5 a1737.dspw65.akamai.net;::ffff:2.16.106.224;::ffff:2.16.106.194;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe 22542200x800000000000000063367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.574{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092ecs.office.com0type: 5 ecs.office.trafficmanager.net;type: 5 s-0005-office.config.skype.com;type: 5 ecs-office.s-0005.s-msedge.net;type: 5 s-0005.s-msedge.net;::ffff:52.113.194.132;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe 22542200x800000000000000063366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.360{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484ecs.office.com0type: 5 ecs.office.trafficmanager.net;type: 5 s-0005-office.config.skype.com;type: 5 ecs-office.s-0005.s-msedge.net;type: 5 s-0005.s-msedge.net;::ffff:52.113.194.132;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe 23542300x800000000000000063365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.441{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=AD308801971211A6360D9ED31C7DC51E,SHA256=AA2F9203167BE2DBE507504DA15CB5B9695DC613D6B8523C27D05769C2FF7291,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.441{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D290AD9C48CA3EEDCDF7E406FF982D3,SHA256=A49A07E67C90C3891C92039FF00B4365B89C878C1F38A8EA8594FDF772E96011,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.316{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\Temp\OfficeC2R9610A3B1-5B9E-4F5F-8A42-807B374CCE71\s640.cabMD5=2127962B3293F576E42E241C1594EB4B,SHA256=5EA7B9ACE8C460882A7C73383D1CD622DB993C73A30BDAA8EDC367C9582336C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.175{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\OfficeC2R9610A3B1-5B9E-4F5F-8A42-807B374CCE71\BIT63B9.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.128{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\OfficeC2R9610A3B1-5B9E-4F5F-8A42-807B374CCE71\BIT63B9.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.128{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 23542300x800000000000000063359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\Temp\s640CheckReachable10570190-4E41-4486-B46F-FB6E59FF04DAMD5=69691C7BDCC3CE6D5D8A1361F22D04AC,SHA256=08F271887CE94707DA822D5263BAE19D5519CB3614E0DAEDC4C7CE5DAB7473F1,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x4d 23542300x800000000000000063358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.128{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT6389.tmpMD5=93B885ADFE0DA089CDF634904FD59F71,SHA256=6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x800000000000000063357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.128{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT6389.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.081{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\Windows\Temp\BIT6389.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.081{A7A01FEF-B626-607E-1600-00000000BB01}15401856C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 354300x800000000000000063354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:38.554{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52776-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.982{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57490- 354300x800000000000000063352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:37.982{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local65535- 23542300x800000000000000063351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\Temp\OfficeC2R49DF76BF-A14D-44CB-9027-1A8929C06524\s641033.cabMD5=F83B3489A29357C7E3AD9C38AC2BB91A,SHA256=6B1299B8882A47C613C56557B923A75F6D57598EFC685B280AE9C16729BFD4AD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.003{A7A01FEF-B626-607E-1400-00000000BB01}12762020C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049293Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:41.854{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA2E4B8B6DD4BDCA5CA2CC7558320EE0,SHA256=F1634C8F59B5EF5EC8D790A00446025DDE88E201F16A055E65AF028F34E9D1C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.988{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C4318FF8B5B8459D3F2CEDB7F1F1412,SHA256=77F5E021886318577787828BA77E7DB16F855A4C97259A4FD57B36E001FCD44C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.988{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=255252172703282DBFF11B5DBB25A9E7,SHA256=23BBAC55EF79FCA6862953E3D7567BBB19601BF612774C7944F9C118A5CA8D39,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.800{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.769{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.769{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.769{A7A01FEF-B626-607E-1100-00000000BB01}11762044C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.753{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.753{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.738{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+628b0|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.738{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bd0|C:\Windows\System32\SHELL32.dll+6286c|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.738{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62840|C:\Windows\System32\TwinUI.dll+12d4e1|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.738{A7A01FEF-C0A6-607E-8105-00000000BB01}8365152C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d319|C:\Windows\System32\TwinUI.dll+12dfcf|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.597{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.566{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5296|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.566{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.566{A7A01FEF-B624-607E-0B00-00000000BB01}8605576C:\Windows\system32\lsass.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.550{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.472{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.472{A7A01FEF-B626-607E-1600-00000000BB01}15401640C:\Windows\system32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8362304C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-7B05-00000000BB01}18804408C:\Windows\system32\taskhostw.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6164f|C:\Windows\System32\SHELL32.dll+62f35|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e4e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+618a4|C:\Windows\System32\SHELL32.dll+62e17|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.206{A7A01FEF-C0A6-607E-8105-00000000BB01}8366128C:\Windows\Explorer.EXE{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+13bd9f|C:\Windows\System32\windows.storage.dll+13ab2b|C:\Windows\System32\windows.storage.dll+13904f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.191{A7A01FEF-B626-607E-1300-00000000BB01}12644440C:\Windows\System32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x800000000000000063384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localInvDBSetValue2021-04-20 14:53:41.191{A7A01FEF-B626-607E-1300-00000000BB01}1264C:\Windows\System32\svchost.exeHKU\S-1-5-21-325169965-3944942172-2068406585-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeBinary Data 10341000x800000000000000063383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.191{A7A01FEF-B626-607E-1300-00000000BB01}12641420C:\Windows\System32\svchost.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.191{A7A01FEF-B626-607E-1300-00000000BB01}12641420C:\Windows\System32\svchost.exe{A7A01FEF-C0A6-607E-8105-00000000BB01}836C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.175{A7A01FEF-C0A3-607E-6C05-00000000BB01}36241208C:\Windows\system32\csrss.exe{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.175{A7A01FEF-C0A6-607E-8105-00000000BB01}836584C:\Windows\Explorer.EXE{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+16e69f|C:\Windows\System32\windows.storage.dll+16e315|C:\Windows\System32\windows.storage.dll+16de06|C:\Windows\System32\windows.storage.dll+16f278|C:\Windows\System32\windows.storage.dll+16dc2e|C:\Windows\System32\windows.storage.dll+fd025|C:\Windows\System32\windows.storage.dll+fd3a4|C:\Windows\System32\windows.storage.dll+fc9e0|C:\Windows\System32\SHELL32.dll+3cd0f|C:\Windows\System32\SHELL32.dll+3cb9c|C:\Windows\System32\SHELL32.dll+dcb5e|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000063379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.980{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56874-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.853{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57462-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.849{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57461-false104.76.200.56a104-76-200-56.deploy.static.akamaitechnologies.com80http 354300x800000000000000063376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.823{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57460-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.818{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57459-false104.76.200.56a104-76-200-56.deploy.static.akamaitechnologies.com80http 354300x800000000000000063374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.585{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57457-false52.113.194.132-443https 354300x800000000000000063373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.584{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57458-false52.109.88.34-443https 354300x800000000000000063372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.373{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57455-false52.113.194.132-443https 354300x800000000000000063371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.371{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57456-false52.109.88.34-443https 354300x800000000000000063370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:39.357{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local61729- 23542300x800000000000000049298Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:42.901{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0495126F6C2FBD4AEE1513DA968C16F,SHA256=82BB1CC765CB87BC39894720B025CB51F0A1C120CC8F964BB959D91C0744D915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:42.597{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27B76900367197B5B71D5AE7D22EFF1C,SHA256=DEEA39428EE155A616BA035D259340FBE1295FFD6EEC25C0DE190B10F1D8FE45,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049297Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:40.760{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52474-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049296Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:40.303{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55738-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049295Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:40.216{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62252-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049294Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:42.401{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E199A3924CF5E761A3BAEEE4B4B46E1D,SHA256=3BB1023F830BF1014FBD283CC6BE133D9D45AA9CB2D5FBA0271ADD88E2A785CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:40.013{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54142-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000063431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.628{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AF50150B626AC9AECF1C5296D78CF08,SHA256=DC48ABCBB2421FB518B4D61A941F5E004EC91DFF802C037F26731AA792858382,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049299Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:43.948{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=223DBE0976E23BA1D48AB46CE967037D,SHA256=AF757D40C374CF7144462FC0F96D61C50F25F670A706F97FF63C6E81C63B220C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.222{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\BIT6FA1.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.768{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57463-false52.109.88.34-443https 354300x800000000000000063428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.444{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55507-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.434{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58176-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:41.430{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58240-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000063425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.175{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\BIT6FA1.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.175{A7A01FEF-B626-607E-1600-00000000BB01}15402648C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 10341000x800000000000000063423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50922784C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+40a441|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+46d554|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+106113|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1c0b10|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1cbb77|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1cb825|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1c49b6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+682c4|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10dd8a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10e9d1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10eee0|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.175{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D98DDD627CBF63A51CA28465E1AD6F93,SHA256=E676EB4EDAD6EE7E51C5292817D79FAA0FC5EAC0EF2455DB6CA09CB3C20E5EA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.909{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8F53D87C72B5536DB192F27A7D287314,SHA256=C6BE69115D6094190DD36A2A3EAFD21D446E08D827176BDE46FEF5116F6403A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.706{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\BIT7474.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.644{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B834A7C66951D90C0BC68827BF0D500,SHA256=C20AB83131A0FEB53A682854290800AAE28B4E685D1CA390925DD9894CACD6F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-journalMD5=311903B7BCE310463640A29057057858,SHA256=5FF9CA41973E7C9910AF4A1D7086B3B60CCFF0BE6359FED24381C056744617A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.566{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-journalMD5=3F68694634573B254AA4B5DB3D15CF54,SHA256=EC1F582B5AB61284835E3C254E9EBD768CA2975E26FF262DB4F60F78CDB54E51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Windows\Temp\WIN-DC-339-20210420-1453.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.399{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57465-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 23542300x800000000000000063438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.410{A7A01FEF-B626-607E-1600-00000000BB01}1540NT AUTHORITY\SYSTEMC:\Windows\system32\svchost.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\BIT7474.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.410{A7A01FEF-B626-607E-1600-00000000BB01}15404372C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+61c8b|c:\windows\system32\qmgr.dll+2f267|c:\windows\system32\qmgr.dll+2db8f|c:\windows\system32\qmgr.dll+1f9de|c:\windows\system32\qmgr.dll+1fd4c|c:\windows\system32\qmgr.dll+1fb85|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\combase.dll+64ddc|C:\Windows\System32\combase.dll+64a92|C:\Windows\System32\combase.dll+633a8|C:\Windows\System32\combase.dll+6112d|C:\Windows\System32\combase.dll+6080f|C:\Windows\System32\combase.dll+7bfe9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b 10341000x800000000000000063436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.410{A7A01FEF-EAF3-607E-6E0B-00000000BB01}50922784C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+40a441|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+46d554|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+106113|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1c0b10|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1cbb77|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1cb825|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+1c49b6|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\StreamServer.dll+682c4|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10dd8a|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10e9d1|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+10eee0|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+b0474|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c5a8d|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+c3bf7|C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe+188f9a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000063435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:42.907{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59606-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:42.118{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com61610-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:42.106{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57464-false10.0.1.12-8000- 23542300x800000000000000063432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.222{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Users\ADMINI~1\AppData\Local\Temp\WIN-DC-339-20210420-1453a.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049301Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:44.979{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=031E501ACFE2F0FB816BCC83195CFECC,SHA256=DB01D4D2D0267A7F12A4C485D9AAFE2B96F98064EE7801D0E582B6DCEB092275,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049300Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:42.029{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63741-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000063448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:45.659{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C302D52227FA7F59F17DB34549A4F2B6,SHA256=3211294332C4471E19EBC07845ADDF7657E7E51AE8AF5D72E1214F4030752F5D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.006{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57467-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:43.786{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57466-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000049304Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:43.692{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65236-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 13241300x800000000000000049303Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-SetValue2021-04-20 14:53:45.401{85C0FFC9-B7ED-607E-1000-00000000BB01}992C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d735f4-0xf6772698) 23542300x800000000000000049302Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:45.229{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2CA12D3ABC7481F331DF05CBD3B778BA,SHA256=080CCA52AD98C7F6D0BA03B064646C1AE8F22707D0341CFE4C1C286DD85F3B8A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:45.764{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57469-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 23542300x800000000000000063454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:46.706{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=170F8C9A3D8CFA13742D6749E85F8E11,SHA256=CC23AADBC77FF9F0E05AB2CE90931D9EA793857C478BE657B4D2F32CA67FCB88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:46.644{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69514702A46F23E183CC77A33E9C8798,SHA256=79EF7D8D3D31B65623BB8E993BF663C0D5532C6F059518368D39E532DCFD298E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:46.613{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exeC:\Users\ADMINI~1\AppData\Local\Temp\WIN-DC-339-20210420-1453b.logMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:45.504{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com51075-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:45.441{A7A01FEF-B626-607E-1100-00000000BB01}1176C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudpfalsefalse10.0.1.14win-dc-339.attackrange.local123ntpfalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal123ntp 354300x800000000000000063449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:44.483{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57468-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000049308Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:44.994{85C0FFC9-B7ED-607E-1000-00000000BB01}992C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-895.attackrange.local123ntpfalse51.105.208.173-123ntp 354300x800000000000000049307Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:44.993{85C0FFC9-B7ED-607E-1000-00000000BB01}992C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-895.attackrange.local123ntpfalse10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal123ntp 354300x800000000000000049306Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:44.970{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50880-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049305Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:46.009{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93E29E80F87B6D63C39570EF1D60CF51,SHA256=81E97F85E830BB6A1B310F8155B76BC819D6AAD1DA5B619B161D735E1037D446,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:47.722{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0B274A9C3BE6CCCBE50D38A5794537A1,SHA256=E6C3A73A9FD397A9DBBD2870502C9868067F2127D157F45C5FDBFB6C78436629,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049312Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:45.789{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52475-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049311Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:45.150{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50343-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049310Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:47.009{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=938F202E57AF76D1395A117C1EDD0994,SHA256=3F97BBCF5D9570C7B2A9E974BA7F7BF418BFD6366E99A3BDA3C7B0AFD1A29E8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049309Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:47.009{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A1CBF584EB40C8DF249E9897996BC7D9,SHA256=39F32D27631AC3891DDF7C450A93A3D6CABCAFF55A8B13E84B8A1CEFEFED69DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:48.738{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=781CEE1A3DF9D064F8AD72E5ECDE026B,SHA256=B1D0255377B9F75A38CDD6925CCF3E553C030DFCE60B31FBDEDC552940F4439F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:47.585{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52476-false10.0.1.14win-dc-339.attackrange.local49676- 354300x800000000000000049317Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:47.139{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52476-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal49676- 354300x800000000000000049316Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:46.641{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51829-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049315Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:46.475{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50712-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049314Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:48.540{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EB031007E8783BABAFDF35FFFFA7FE9B,SHA256=62118EE113A01282CD8EC463E39A25A1780C08984F7BD416155610FCAAF2C0F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049313Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:48.040{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46BE6ACC2476C4FBCA0A4503BB93C0AB,SHA256=B5A787F26CAA18BE18427A1FBFE26ED8EFB1D688BD3D54B973861DB0DE8DA70D,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:48.794{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-6097-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000063462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.832{A7A01FEF-B626-607E-1400-00000000BB01}12763692C:\Windows\system32\svchost.exe{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.738{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC63CD16A37239CA9DB6EF1B3B70A46B,SHA256=706D4EB154EB4661A6935EDB3EC83C8FF352D34A3D9DC8D9EA96C89277C267C0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:48.076{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57470-false10.0.1.12-8000- 23542300x800000000000000063459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.425{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-journalMD5=82A5E234B1632A9AE1080BDC4CCE89FC,SHA256=ADECA13A7AD1D0EF673061B6032D814B44B20C9B55B214C5287EE86DB4958686,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049319Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:49.634{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B3809A57D34B2D46E310DFDA5D6A4898,SHA256=0F85A31075FBD51DB26DB8BD66B8F27C2AF02BD3AF0090912A74025E79E6479A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049318Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:49.118{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=886162A774C72D2079A77E31559D334D,SHA256=E0C30DF55A3F35783403B3627F7F8A51457752719152126DC6547F3EC0F4740D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.816{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=605FCD8F318AC212A8F35FC17649A2B1,SHA256=C3934456C9547B2BB60124647AC9D1D92F5290277D75FE473817B815BEDEFB0D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.816{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D8224C207092E3686FEBCE3C800E4531,SHA256=674114360EBD752563EDB7C54D0B9149BA1AFE74C2E321448E72AC8BBC3B95F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.754{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=054D31A563779D8F7751767EABB57F86,SHA256=146710DDF8F8F36BCD50FFC52D8C951CB6AAE0BF1DC21FBF887AE34352FC32CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.322{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com51673-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000063465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.363{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=57B7F8ECBA270B1DBE68C92934D0CA89,SHA256=DC7F230D289D2661860CB42DA1C52A5B59AF5BF2625C5373E7BC9622C7FCF887,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.019{A7A01FEF-EAF3-607E-6D0B-00000000BB01}4484ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-journalMD5=9E4ADBDB257BB11C76D4F39DF1E5B32A,SHA256=21F8EA7993D2EB3F693A1AFEA131AF07F6C073892732A21ABB3C83A23560E7BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049323Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:50.868{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D76A52236B34C99B0F032205EEE0CA60,SHA256=20EF4BC9F19CA033FB962E96E0812BAEF6E21DBBE655EBEC508977C70E261ECB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049322Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:48.619{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53309-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049321Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:47.863{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60771-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049320Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:50.149{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4196E809A2696AD40419AA993A898A59,SHA256=511563D1A0F4A9F028838C18C117C2670AEDDCD614065A4E7B82F69253E27646,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:51.925{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D8133150381A6219CBCC184CE006AA06,SHA256=6354712CDFC0FC8220B4665F1068536226111DB3DCF9A6A36B91FD545E26A18C,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.654{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57473-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 23542300x800000000000000063477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:51.769{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B6F670EED6DFF4EBE2141A3BEEBBB08,SHA256=89D2E3A32653412C6F464D228E33D762478F08C76C54CC5576F5E87FEB57D320,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:51.737{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db-journalMD5=140EC9E0A652D6797A16F6F2EC110E07,SHA256=6175D49B141E953C841C0CEA685DE851FE1462A588BC12F9F4BFAE5879F450BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:51.722{A7A01FEF-EAF4-607E-6F0B-00000000BB01}5156ATTACKRANGE\AdministratorC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exeC:\Users\Administrator\AppData\Local\Microsoft\Office\OTele\officec2rclient.exe.db-journalMD5=332BC99CD51EAC6467E0F7A0F35A0864,SHA256=E3F0B4943F59DA2FEA1EBBD3AC551FA1AE1B84E228A7EED8AD9141AB9880C68B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.288{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-7462-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.000{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55245-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.885{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57472-false93.184.220.29-80http 354300x800000000000000063471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.872{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local64699- 354300x800000000000000063470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:49.816{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57471-false52.114.77.34-443https 23542300x800000000000000049324Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:51.196{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33448AD3B8F4ACA64B8517DF8AF4127A,SHA256=00407D91936D8B41666B3EEE3143C061A3FA4A2189C84C5C05498B9BFFF7974C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:52.862{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3B0F43978D24F3DB0EAB53AB3751187,SHA256=4F4E94B89F63CFBF34CC266469A68CA7E72C843C682F5004D07B5241AFB9DE2E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:51.792{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-8827-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:50.953{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57474-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000049327Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:50.821{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52477-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049326Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:50.553{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54796-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049325Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:52.212{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06C96D5EDAF621442BC3BFFCB2DF8EC0,SHA256=91A3D0CA2A8A7F072191B66DB6C2E59C882B7FB61E4F97C699914EE04CB6E3C9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:52.783{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57475-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 23542300x800000000000000063484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:53.878{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E685422A0F8A7BC1C4A67AB725B3631,SHA256=F6DBBDA3960E95132D4DCAA538D58162DC679AF576FE5DF1F5A5EA0DE7E4665D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:53.753{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DC1C3572931C24A4510A2B549F5224EC,SHA256=673BC12767BB9107FE26964CA679E53D3F148202219D216424D7185346306CA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049330Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:53.884{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6F90A6B289864CD75468672FB728D897,SHA256=581F9FFD3095714F1245C2EDCFF2DC80D7480CA34CAB38A515463E53315FCEA2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049329Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:51.916{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56275-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049328Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:53.243{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C0A09FD3E27703C6E424C41B2459BA2E,SHA256=C60048D81B399322F3C6B48BD64BFD7464398AFF54409A857F5DBF8916C54E72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.894{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A522E6E9F2C5A43988B70F79872D119,SHA256=5F117AB23048FCB178AB46196428848D574DB7BA97440B1EB368B2A8D3DBA0FB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049344Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB02-607E-CD06-00000000BB01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049343Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049342Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049341Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049340Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049339Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049338Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049337Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049336Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049335Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049334Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB02-607E-CD06-00000000BB01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049333Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.868{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB02-607E-CD06-00000000BB01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049332Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.869{85C0FFC9-EB02-607E-CD06-00000000BB01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049331Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.306{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13EE82776511A1EE3B135AB26F9B2174,SHA256=B7DE6D06DEB6DEE43ABF04D984D42227BF9298465BD9AB95C51902648E62F765,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:55.909{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01E2516DB220F7B6D6CD78CC694BFDA3,SHA256=23AC91C7B4A05F4D3178B451610B54E4809090C00E81F6496F002CC0C29E65F5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:53.361{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-10193-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:53.093{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57476-false10.0.1.12-8000- 23542300x800000000000000063487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:55.144{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0C619C31CD5D42D6E3DDE06A04FFD2CD,SHA256=426DD807605F3F9679E922778913021FE189A35345292963C0A1CCAF24749485,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049361Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:53.345{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57750-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000049360Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.587{85C0FFC9-EB03-607E-CE06-00000000BB01}2848484C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049359Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.571{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F1A0127283CF5934D4E249E1E8DC05FA,SHA256=52FA780AA8E3105300DBCF0AC3303085A1046725C33AA0F3A2815A6FC3DC5469,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049358Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB03-607E-CE06-00000000BB01}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049357Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049356Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049355Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049354Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049353Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049352Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049351Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049350Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049349Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049348Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB03-607E-CE06-00000000BB01}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049347Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.478{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB03-607E-CE06-00000000BB01}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049346Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.479{85C0FFC9-EB03-607E-CE06-00000000BB01}2848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049345Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:55.321{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8CA5E7B36544F594F61E81F7F4671F5B,SHA256=8A052EA1A687DA1CDAEDF4C9FF8B06055EC70069E782A5957F4F31AFCEFEFCAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:56.925{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55F9991AEB9216B460CF415A6802AAED,SHA256=8560DC3B13F08914114DF6EEF8192F4857EA2C378E966A96EB68143C459FD176,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000063498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:55.749{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com62640-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:55.211{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62023-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.910{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-3360-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.703{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57478-false2.16.106.224a2-16-106-224.deploy.static.akamaitechnologies.com80http 354300x800000000000000063494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.686{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-11558-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.653{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57477-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000063492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:54.653{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57477-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 23542300x800000000000000063491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:56.269{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4CF4B6D970685FA9D5DA60C53CD0554B,SHA256=8075957E900790B24D4C09765738E0E9A4D61DA4C1FB3B73AB0A11763E77055B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049377Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.891{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59223-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049376Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:54.675{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60274-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049375Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.759{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9935536CE0E5F80F93BB2187AB7D584E,SHA256=B5FF76B740F3653E87879BF3FA956B14E0AB45F91D2BB27990B5F798B3A6E44A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049374Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB04-607E-CF06-00000000BB01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049373Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049372Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049371Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049370Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049369Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049368Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049367Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049366Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049365Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049364Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EB04-607E-CF06-00000000BB01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049363Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.149{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB04-607E-CF06-00000000BB01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049362Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.150{85C0FFC9-EB04-607E-CF06-00000000BB01}4076C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\vccorlib140.dll2021-04-20 14:53:57.784 11241100x800000000000000063559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\vcruntime140.dll2021-04-20 14:53:57.784 11241100x800000000000000063558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\Interceptor.dll2021-04-20 14:53:57.784 11241100x800000000000000063557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\JitV.dll2021-04-20 14:53:57.784 11241100x800000000000000063556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\msvcp140.dll2021-04-20 14:53:57.784 354300x800000000000000063555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:56.378{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4728-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000063554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.769{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\msvcr120.dll2021-04-20 14:53:57.769 11241100x800000000000000063553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.769{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\ucrtbase.dll2021-04-20 14:53:57.769 11241100x800000000000000063552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:53:57.753 11241100x800000000000000063551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\vcruntime140_1.dll2021-04-20 14:53:57.753 11241100x800000000000000063550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\MSB1FREN.DLL2021-04-20 14:53:57.753 11241100x800000000000000063549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO.DLL2021-04-20 14:53:57.753 11241100x800000000000000063548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\C2R64.dll2021-04-20 14:53:57.675 11241100x800000000000000063547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AppvIsvSubsystems64.dll2021-04-20 14:53:57.675 11241100x800000000000000063546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msproof7.dll2021-04-20 14:53:57.659 11241100x800000000000000063545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSPUB.EXE2021-04-20 14:53:57.581 11241100x800000000000000063544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OART.DLL2021-04-20 14:53:57.550 11241100x800000000000000063543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pj11icon.exe2021-04-20 14:53:57.472 11241100x800000000000000063542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe2021-04-20 14:53:57.472 11241100x800000000000000063541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe2021-04-20 14:53:57.456 11241100x800000000000000063540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.441{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe2021-04-20 14:53:57.441 11241100x800000000000000063539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.441{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\sscicons.exe2021-04-20 14:53:57.441 11241100x800000000000000063538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.441{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\oregres.dll2021-04-20 14:53:57.441 11241100x800000000000000063537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.441{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe2021-04-20 14:53:57.441 11241100x800000000000000063536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\dbcicons.exe2021-04-20 14:53:57.425 11241100x800000000000000063535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\grv_icons.exe2021-04-20 14:53:57.425 11241100x800000000000000063534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\joticon.exe2021-04-20 14:53:57.425 11241100x800000000000000063533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msspell7.dll2021-04-20 14:53:57.394 11241100x800000000000000063532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSS7DATA0009.DLL2021-04-20 14:53:57.394 11241100x800000000000000063531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSS7DATA000A.DLL2021-04-20 14:53:57.378 11241100x800000000000000063530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\RICHED20.DLL2021-04-20 14:53:57.378 11241100x800000000000000063529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe2021-04-20 14:53:57.347 11241100x800000000000000063528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe2021-04-20 14:53:57.347 11241100x800000000000000063527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\misc.exe2021-04-20 14:53:57.347 11241100x800000000000000063526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe2021-04-20 14:53:57.347 11241100x800000000000000063525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SOCIALCONNECTOR.DLL2021-04-20 14:53:57.315 11241100x800000000000000063524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\tmpod.dll2021-04-20 14:53:57.315 11241100x800000000000000063523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBE7.DLL2021-04-20 14:53:57.284 11241100x800000000000000063522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MAPIR.DLL2021-04-20 14:53:57.269 11241100x800000000000000063521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\UmOutlookStrings.dll2021-04-20 14:53:57.269 11241100x800000000000000063520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.144{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7MODELS000A.dll2021-04-20 14:53:57.144 11241100x800000000000000063519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.144{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSORES.DLL2021-04-20 14:53:57.144 11241100x800000000000000063518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.144{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7MODELS0009.dll2021-04-20 14:53:57.144 11241100x800000000000000063517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7MODELS000C.dll2021-04-20 14:53:57.128 11241100x800000000000000063516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EXCEL.EXE2021-04-20 14:53:57.112 11241100x800000000000000063515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Uc.dll2021-04-20 14:53:57.097 11241100x800000000000000063514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\UcAddinRes.dll2021-04-20 14:53:57.097 11241100x800000000000000063513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONMAIN.DLL2021-04-20 14:53:57.097 11241100x800000000000000063512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UCAddin.dll2021-04-20 14:53:57.097 11241100x800000000000000063511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPCORE.DLL2021-04-20 14:53:57.097 11241100x800000000000000063510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ALRTINTL.DLL2021-04-20 14:53:57.097 11241100x800000000000000063509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLINTL32.DLL2021-04-20 14:53:57.097 11241100x800000000000000063508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EMSMDB32.DLL2021-04-20 14:53:57.081 11241100x800000000000000063507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mfc140u.dll2021-04-20 14:53:57.081 11241100x800000000000000063506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONTAB32.DLL2021-04-20 14:53:57.034 11241100x800000000000000063505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\OUTLVBA.DLL2021-04-20 14:53:57.034 11241100x800000000000000063504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSPTLS.DLL2021-04-20 14:53:57.034 11241100x800000000000000063503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WWLIB.DLL2021-04-20 14:53:57.034 11241100x800000000000000063502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PPINTL.DLL2021-04-20 14:53:57.034 11241100x800000000000000063501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:57.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLOOK.EXE2021-04-20 14:53:57.019 11241100x800000000000000063500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:57.019{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:53:57.019 354300x800000000000000049408Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.286{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64356-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000049407Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.946{85C0FFC9-EB05-607E-D106-00000000BB01}19721588C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049406Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB05-607E-D106-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049405Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049404Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049403Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049402Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049401Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049400Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049399Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049398Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049397Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049396Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EB05-607E-D106-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049395Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.837{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB05-607E-D106-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049394Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.838{85C0FFC9-EB05-607E-D106-00000000BB01}1972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049393Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.759{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E287C9F7AA14AFEA3423FE6183311DDE,SHA256=3CDB16BC609ABAA9182D360A36197FF83A1E6C541801DAFC91322A4340E6E5BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049392Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.274{85C0FFC9-EB05-607E-D006-00000000BB01}20043156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049391Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5DEC5B83EFE371C35B1F6AA002CFDFA4,SHA256=91F3DAC745D93B7C495321867107F4021D51C99934F55AD8C2FAE51B06823E1F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049390Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB05-607E-D006-00000000BB01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049389Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049388Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049387Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049386Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049385Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049384Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049383Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049382Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049381Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049380Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EB05-607E-D006-00000000BB01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049379Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.165{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB05-607E-D006-00000000BB01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049378Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:57.166{85C0FFC9-EB05-607E-D006-00000000BB01}2004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000063577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:58.706{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\RTMPLTFM.dll2021-04-20 14:53:58.362 11241100x800000000000000063575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmcodecs.dll2021-04-20 14:53:58.362 11241100x800000000000000063574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rdpqoemetrics.dll2021-04-20 14:53:58.362 11241100x800000000000000063573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lyncDesktopViewModel.dll2021-04-20 14:53:58.347 11241100x800000000000000063572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SLINTL.DLL2021-04-20 14:53:58.347 11241100x800000000000000063571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ORGCHART.CHM2021-04-20 14:53:58.347 11241100x800000000000000063570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_64\Microsoft.Office.Access.BusinessDataCatalog\16.0.0.0__71E9BCE111E9429C\Microsoft.Office.Access.BusinessDataCatalog.DLL2021-04-20 14:53:58.347 11241100x800000000000000063569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.AdomdClient\13.0.0.0__89845DCD8080CC91\Microsoft.AnalysisServices.AdomdClient.dll2021-04-20 14:53:58.347 11241100x800000000000000063568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.AnalysisServices.SPClient.Interfaces\13.0.0.0__89845DCD8080CC91\Microsoft.AnalysisServices.SPClient.Interfaces.DLL2021-04-20 14:53:58.347 11241100x800000000000000063567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.BusinessData\16.0.0.0__71E9BCE111E9429C\Microsoft.BusinessData.dll2021-04-20 14:53:58.347 11241100x800000000000000063566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics\16.0.0.0__71E9BCE111E9429C\microsoft.office.businessapplications.diagnostics.dll2021-04-20 14:53:58.347 11241100x800000000000000063565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData.Intl\16.0.0.0__71E9BCE111E9429C\microsoft.office.businessdata.intl.dll2021-04-20 14:53:58.331 11241100x800000000000000063564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\assembly\GAC_MSIL\Microsoft.Office.BusinessData\16.0.0.0__71E9BCE111E9429C\microsoft.office.businessdata.dll2021-04-20 14:53:58.331 23542300x800000000000000063563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:58.284{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2DE4A35230FDDAF26B1C5267E3BB082C,SHA256=1487432C1FD3C6A01D67BCD3D9C39866DC9B25426F286AFDE568DF21DECB08A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:58.097{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2EA104FD220FAF4174BA980ED363BEB,SHA256=E88E703157D1A8250D5BB104C4CDB09BEFF04E4E6AC965F69A36DAF3EEAF21C5,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:58.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LyncDesktopSmartBitmapResources.dll2021-04-20 14:53:58.081 10341000x800000000000000049423Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.509{85C0FFC9-EB06-607E-D206-00000000BB01}23801460C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049422Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB06-607E-D206-00000000BB01}2380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049421Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049420Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049419Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049418Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049417Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049416Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049415Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049414Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049413Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049412Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB06-607E-D206-00000000BB01}2380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049411Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.384{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB06-607E-D206-00000000BB01}2380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049410Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.385{85C0FFC9-EB06-607E-D206-00000000BB01}2380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049409Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:58.259{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=229CD096E5DFA3176AE652E07FDE8D6C,SHA256=4AD716D80E9001DE2FF20F9C5600FC7F4E9480CD1A4B26A2E0A0B57238EF251B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.972{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ThirdPartyNotices.txt2021-04-20 14:53:59.972 11241100x800000000000000063619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.972{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSO.FRAMEPROTOCOLWIN32.DLL2021-04-20 14:53:59.972 11241100x800000000000000063618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.894{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.dll2021-04-20 14:53:59.894 11241100x800000000000000063617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.894{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CHAKRACORE.DLL2021-04-20 14:53:59.894 11241100x800000000000000063616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.894{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\Addons\OneDriveSetup.exe2021-04-20 14:53:59.894 11241100x800000000000000063615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.894{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll2021-04-20 14:53:59.878 11241100x800000000000000063614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL2021-04-20 14:53:59.878 11241100x800000000000000063613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AdeModule.dll2021-04-20 14:53:59.878 11241100x800000000000000063612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll2021-04-20 14:53:59.878 11241100x800000000000000063611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll2021-04-20 14:53:59.878 11241100x800000000000000063610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GKExcel.dll2021-04-20 14:53:59.878 11241100x800000000000000063609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\msipc.dll2021-04-20 14:53:59.862 11241100x800000000000000063608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOARIA.DLL2021-04-20 14:53:59.862 11241100x800000000000000063607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOCR.DLL2021-04-20 14:53:59.862 11241100x800000000000000063606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mce.dll2021-04-20 14:53:59.862 11241100x800000000000000063605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msfad.dll2021-04-20 14:53:59.862 11241100x800000000000000063604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoasb.exe2021-04-20 14:53:59.862 11241100x800000000000000063603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoadfsb.exe2021-04-20 14:53:59.862 11241100x800000000000000063602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\INTLDATE.DLL2021-04-20 14:53:59.862 11241100x800000000000000063601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCICONS.EXE2021-04-20 14:53:59.862 11241100x800000000000000063600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTEIMP.DLL2021-04-20 14:53:59.862 11241100x800000000000000063599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\excelcnv.exe2021-04-20 14:53:59.862 11241100x800000000000000063598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CNFNOT32.EXE2021-04-20 14:53:59.862 11241100x800000000000000063597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VPREVIEW.EXE2021-04-20 14:53:59.862 354300x800000000000000063596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:57.780{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-14288-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000063595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\sqmapi_x64.dll2021-04-20 14:53:59.472 11241100x800000000000000063594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll2021-04-20 14:53:59.472 11241100x800000000000000063593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll2021-04-20 14:53:59.472 11241100x800000000000000063592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll2021-04-20 14:53:59.472 11241100x800000000000000063591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll2021-04-20 14:53:59.472 11241100x800000000000000063590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\EventSource.dll2021-04-20 14:53:59.472 11241100x800000000000000063589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:53:59.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll2021-04-20 14:53:59.472 10341000x800000000000000063588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB07-607E-700B-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB07-607E-700B-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.347{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB07-607E-700B-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.207{A7A01FEF-EB07-607E-700B-00000000BB01}4272C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OWSHLP10.CHM2021-04-20 14:53:59.315 23542300x800000000000000063579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.112{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93FCEBB273A4BF1D451E1F870EC39092,SHA256=CEAA691673DE866FD9FEF9B50708FD8846B6AA7202BD6E323F74BD1DFBD54E15,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:53:59.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\eqnedt32.exe2021-04-20 14:53:59.050 23542300x800000000000000049428Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:59.603{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=03D572BF474236FE53548ACC15EC9275,SHA256=9E455365AE85D5C07ADC0B68699C2E02C2731CD74BF387601544DF3F10D1AC87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049427Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:59.415{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ED346986EDBE3E23C3116D8A9C7F6A7D,SHA256=28C7F9345460804A8E9AE70A90F435299C92698A550ACCC17EA260F3A7B3D207,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049426Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.649{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52478-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049425Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:56.488{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60696-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049424Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:59.009{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62917888B3466FA6BD918CD5B0CEFCCB,SHA256=F3BAF245345397D53891F426B20E156BC982254007F9F74B0CCC38BBEC203509,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmdlocal.dll2021-04-20 14:54:00.925 354300x800000000000000063659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.500{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53095-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.315{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-12923-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.127{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-15653-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:59.106{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57480-false10.0.1.12-8000- 354300x800000000000000063655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:53:58.762{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57479-false10.0.1.12-8089- 11241100x800000000000000063654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msmdlocal.dll2021-04-20 14:54:00.800 11241100x800000000000000063653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\TextIntelligence.dll2021-04-20 14:54:00.753 11241100x800000000000000063652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.706{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOIDCLIL.DLL2021-04-20 14:54:00.706 11241100x800000000000000063651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.644{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOIDRES.DLL2021-04-20 14:54:00.644 11241100x800000000000000063650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.644{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSORES.DLL2021-04-20 14:54:00.644 10341000x800000000000000063649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.612{A7A01FEF-EB08-607E-710B-00000000BB01}31846244C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000063648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.597{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3539C3017521706E21A8B46C59657812,SHA256=8C745A142E664481A57C963377C867E16E093AD35362A1F64A0EC52C7AB276CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.597{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=531620A93E1141215BE3E0BE7B11B6C5,SHA256=86945343A270ACC708DC0A5CFA5EFF746F4EFD18FABD61E45E2DAD6B817C2270,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso98win32client.dll2021-04-20 14:54:00.581 11241100x800000000000000063645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\FPWEC.DLL2021-04-20 14:54:00.550 11241100x800000000000000063644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\xmsrv_xl.dll2021-04-20 14:54:00.534 11241100x800000000000000063643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmpersistence_xl.dll2021-04-20 14:54:00.472 11241100x800000000000000063642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msmdlocal_xl.dll2021-04-20 14:54:00.472 10341000x800000000000000063641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.440{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB08-607E-710B-00000000BB01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB08-607E-710B-00000000BB01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.425{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB08-607E-710B-00000000BB01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:00.285{A7A01FEF-EB08-607E-710B-00000000BB01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Csi.dll2021-04-20 14:54:00.409 11241100x800000000000000063632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\adal.dll2021-04-20 14:54:00.409 11241100x800000000000000063631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEWDAT.DLL2021-04-20 14:54:00.331 11241100x800000000000000063630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEEXCL.DLL2021-04-20 14:54:00.315 11241100x800000000000000063629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Wordcnv.dll2021-04-20 14:54:00.300 11241100x800000000000000063628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\react-native-win32.dll2021-04-20 14:54:00.269 11241100x800000000000000063627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msgrammar8.dll2021-04-20 14:54:00.159 11241100x800000000000000063626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPINTL.COMMON.DLL2021-04-20 14:54:00.159 11241100x800000000000000063625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:00.144{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PDFREFLOW.EXE2021-04-20 14:54:00.144 11241100x800000000000000063624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\libeay32.dll2021-04-20 14:54:00.065 11241100x800000000000000063623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.019{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7Data0011.DLL2021-04-20 14:54:00.019 11241100x800000000000000063622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7tk.dll2021-04-20 14:54:00.003 11241100x800000000000000063621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:00.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7tkjp.dll2021-04-20 14:54:00.003 10341000x800000000000000049442Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB08-607E-D306-00000000BB01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049441Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049440Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049439Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049438Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049437Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049436Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049435Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049434Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049433Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049432Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB08-607E-D306-00000000BB01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049431Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB08-607E-D306-00000000BB01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049430Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.212{85C0FFC9-EB08-607E-D306-00000000BB01}3832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049429Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:00.024{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=988598D6A5A0FCD12292BDAB9F3055A7,SHA256=CB5199EC71055B49D79A30A7F8589B7FDBDDE6AB5D1E2B05DE2CAFFBFF2521F2,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.769{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msolap.dll2021-04-20 14:54:01.769 11241100x800000000000000063747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msolui.dll2021-04-20 14:54:01.737 11241100x800000000000000063746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\xmsrv.dll2021-04-20 14:54:01.565 11241100x800000000000000063745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:01.565 11241100x800000000000000063741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:01.565 11241100x800000000000000063734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\AccessMessageDismissal.txt2021-04-20 14:54:01.565 11241100x800000000000000063733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DocumentFormat.OpenXml.dll2021-04-20 14:54:01.565 11241100x800000000000000063732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\ExcelMessageDismissal.txt2021-04-20 14:54:01.534 11241100x800000000000000063731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:01.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\filecompare.exe2021-04-20 14:54:01.534 11241100x800000000000000063730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Shared.v11.1.dll2021-04-20 14:54:01.534 11241100x800000000000000063729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.Misc.v11.1.dll2021-04-20 14:54:01.534 11241100x800000000000000063728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.519{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.Misc.v8.1.dll2021-04-20 14:54:01.519 11241100x800000000000000063727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.519{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraChart.v11.1.Design.dll2021-04-20 14:54:01.519 11241100x800000000000000063726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraChart.v8.1.Design.dll2021-04-20 14:54:01.503 11241100x800000000000000063725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinChart.v11.1.dll2021-04-20 14:54:01.487 11241100x800000000000000063724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinEditors.v11.1.dll2021-04-20 14:54:01.487 11241100x800000000000000063723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinEditors.v8.1.dll2021-04-20 14:54:01.472 11241100x800000000000000063722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.472{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinGrid.v11.1.dll2021-04-20 14:54:01.472 11241100x800000000000000063721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinGrid.v8.1.dll2021-04-20 14:54:01.456 11241100x800000000000000063720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinStatusBar.v11.1.dll2021-04-20 14:54:01.440 11241100x800000000000000063719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinStatusBar.v8.1.dll2021-04-20 14:54:01.440 11241100x800000000000000063718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTabControl.v11.1.dll2021-04-20 14:54:01.440 11241100x800000000000000063717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTabControl.v8.1.dll2021-04-20 14:54:01.440 11241100x800000000000000063716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinToolbars.v11.1.dll2021-04-20 14:54:01.440 11241100x800000000000000063715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinToolbars.v8.1.dll2021-04-20 14:54:01.409 11241100x800000000000000063714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTree.v11.1.dll2021-04-20 14:54:01.394 11241100x800000000000000063713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinTree.v8.1.dll2021-04-20 14:54:01.394 11241100x800000000000000063712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.v11.1.dll2021-04-20 14:54:01.394 11241100x800000000000000063711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\MSVCR110.DLL2021-04-20 14:54:01.362 11241100x800000000000000063710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\NativeShim.dll2021-04-20 14:54:01.347 11241100x800000000000000063709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\NativeShim.Resources.dll2021-04-20 14:54:01.347 11241100x800000000000000063708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Northwoods.Go.dll2021-04-20 14:54:01.347 11241100x800000000000000063707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\stdole.dll2021-04-20 14:54:01.347 11241100x800000000000000063706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Compression.Base.dll2021-04-20 14:54:01.347 11241100x800000000000000063705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Core.dll2021-04-20 14:54:01.347 11241100x800000000000000063704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Base.dll2021-04-20 14:54:01.347 11241100x800000000000000063703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Grouping.Base.dll2021-04-20 14:54:01.347 11241100x800000000000000063702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Grouping.Windows.dll2021-04-20 14:54:01.347 11241100x800000000000000063701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Windows.dll2021-04-20 14:54:01.331 11241100x800000000000000063700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grouping.Base.dll2021-04-20 14:54:01.331 11241100x800000000000000063699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Shared.Base.dll2021-04-20 14:54:01.315 11241100x800000000000000063698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Shared.Windows.dll2021-04-20 14:54:01.300 11241100x800000000000000063697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Tools.Base.dll2021-04-20 14:54:01.300 11241100x800000000000000063696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Tools.Windows.dll2021-04-20 14:54:01.300 23542300x800000000000000063695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.300{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F590C07BDC2E106F0E494E02B43B5758,SHA256=0D289C8F0B51877A30121050BC9B8358A4D1E63F52900FF47497E492570514FC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.XlsIO.Base.dll2021-04-20 14:54:01.269 11241100x800000000000000063693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\IEAWSDC.DLL2021-04-20 14:54:01.237 11241100x800000000000000063692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MeetingJoinAxOC.dll2021-04-20 14:54:01.237 23542300x800000000000000063691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=018DA42B7BF5FE887573F89EC06EE5DD,SHA256=2C93CA8E9075B734CE4DEDEBAB350F69ECA25B03B329209BB8E871C95348AC1C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:01.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.EXE2021-04-20 14:54:01.237 11241100x800000000000000063689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp120.dll2021-04-20 14:54:01.237 10341000x800000000000000063688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB09-607E-720B-00000000BB01}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB09-607E-720B-00000000BB01}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 11241100x800000000000000063682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcr120.dll2021-04-20 14:54:01.237 10341000x800000000000000063681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.237{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB09-607E-720B-00000000BB01}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:01.097{A7A01FEF-EB09-607E-720B-00000000BB01}4808C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NAMEEXT.DLL2021-04-20 14:54:01.222 11241100x800000000000000063678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OLKFSTUB.DLL2021-04-20 14:54:01.222 11241100x800000000000000063677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OWSSUPP.DLL2021-04-20 14:54:01.222 11241100x800000000000000063676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ucrtbase.dll2021-04-20 14:54:01.222 11241100x800000000000000063675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\VVIEWER.DLL2021-04-20 14:54:01.128 11241100x800000000000000063674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\atl100.dll2021-04-20 14:54:01.128 11241100x800000000000000063673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\atl110.dll2021-04-20 14:54:01.128 11241100x800000000000000063672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfc140.dll2021-04-20 14:54:01.097 11241100x800000000000000063671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfc140enu.dll2021-04-20 14:54:01.081 11241100x800000000000000063670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp100.dll2021-04-20 14:54:01.065 11241100x800000000000000063669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp110.dll2021-04-20 14:54:01.065 11241100x800000000000000063668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp120.dll2021-04-20 14:54:01.065 11241100x800000000000000063667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcr120.dll2021-04-20 14:54:01.065 11241100x800000000000000063666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vccorlib110.dll2021-04-20 14:54:01.050 11241100x800000000000000063665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vccorlib120.dll2021-04-20 14:54:01.050 11241100x800000000000000063664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.019{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfc140.dll2021-04-20 14:54:01.019 11241100x800000000000000063663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.019{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfc140enu.dll2021-04-20 14:54:01.019 11241100x800000000000000063662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.019{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\FM20.DLL2021-04-20 14:54:01.019 11241100x800000000000000063661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:01.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\VVIEWDWG.DLL2021-04-20 14:54:01.003 354300x800000000000000049445Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:53:59.651{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63641-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049444Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:01.399{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AA672E28C86ECC8DD11C6D90910ABB5A,SHA256=44BA0520FA5DF88B331D7CDDE4C272332771FAE91CE9089A87335881680A36D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049443Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:01.071{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA89C1A5D6016EE10AFC596CF778E572,SHA256=06F373B28CB5D30FCEFBBC965B45BB49D047260D4ECF3875F22BFB167B64F9A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.675{A7A01FEF-EB0A-607E-730B-00000000BB01}69884380C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000063768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcp120.dll2021-04-20 14:54:02.550 11241100x800000000000000063767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcr120.dll2021-04-20 14:54:02.550 11241100x800000000000000063766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ucrtbase.dll2021-04-20 14:54:02.534 11241100x800000000000000063765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\FPWEC.DLL2021-04-20 14:54:02.518 11241100x800000000000000063764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\System\ole db\xmlrw.dll2021-04-20 14:54:02.518 11241100x800000000000000063763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\System\ole db\xmlrwbin.dll2021-04-20 14:54:02.518 11241100x800000000000000063762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\adal.dll2021-04-20 14:54:02.518 11241100x800000000000000063761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Web Server Extensions\16\BIN\FPSRVUTL.DLL2021-04-20 14:54:02.518 23542300x800000000000000063760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3969058BD3315EC96D8C33064E1043EA,SHA256=10A6923E69C78D3F386F5A11735EB7AFECCA953AE9FEE248F2C2662F615244E9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB0A-607E-730B-00000000BB01}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB0A-607E-730B-00000000BB01}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.503{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB0A-607E-730B-00000000BB01}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.363{A7A01FEF-EB0A-607E-730B-00000000BB01}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msolap.dll2021-04-20 14:54:02.175 11241100x800000000000000063750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.097{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\xmsrv.dll2021-04-20 14:54:02.034 11241100x800000000000000063749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:02.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\adal.dll2021-04-20 14:54:02.034 354300x800000000000000049448Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:01.078{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62170-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049447Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:02.587{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F8F1F19FF469A735A5752779B687B2BE,SHA256=AF4EFEBF02CC9AFB4079BFD822D5D8893A66798B4929E14B3BE191302060AC2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049446Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:02.103{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A42CD22D71FE865DB623D95E9D1D797B,SHA256=15D19B6BD9CAB5CC1991080CB1C753A7C3AADBE5D40EACC8FF73977DF2948D39,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000063849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB0B-607E-750B-00000000BB01}6488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB0B-607E-750B-00000000BB01}6488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.987{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB0B-607E-750B-00000000BB01}6488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.988{A7A01FEF-EB0B-607E-750B-00000000BB01}6488C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msolap_xl.dll2021-04-20 14:54:03.784 11241100x800000000000000063840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\System.Spatial.dll2021-04-20 14:54:03.753 11241100x800000000000000063839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmapi_xl.dll2021-04-20 14:54:03.753 11241100x800000000000000063838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.706{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmcachemgr_xl.dll2021-04-20 14:54:03.706 11241100x800000000000000063837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmtransactions_xl.dll2021-04-20 14:54:03.690 11241100x800000000000000063836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\xmlrw_xl.dll2021-04-20 14:54:03.690 11241100x800000000000000063835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\xmlrwbin_xl.dll2021-04-20 14:54:03.675 23542300x800000000000000063834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.675{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9107BD129595DAEBF79FE67383BD1636,SHA256=74AB4829D72CF69CFD26A1605E99DD085EC57C79C8E196119E1E3E2C6F8DF754,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.675{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A7A83850D15CD6D590E9605EDB1462B,SHA256=91F173262C34940AFE9D091C88B8A649C7F656AC687073721BFC3D1617C9B922,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXP_PDF.DLL2021-04-20 14:54:03.612 11241100x800000000000000063831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXPSRV.DLL2021-04-20 14:54:03.612 11241100x800000000000000063830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:03.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\FLTLDR.EXE2021-04-20 14:54:03.597 11241100x800000000000000063829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\IACOM2.DLL2021-04-20 14:54:03.581 11241100x800000000000000063828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso50win32client.dll2021-04-20 14:54:03.581 11241100x800000000000000063827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:03.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOICONS.EXE2021-04-20 14:54:03.518 11241100x800000000000000063826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msowerrelief.dll2021-04-20 14:54:03.456 10341000x800000000000000063825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.487{A7A01FEF-EB0B-607E-740B-00000000BB01}38282600C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000063824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOPRIV.DLL2021-04-20 14:54:03.456 11241100x800000000000000063823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp120.dll2021-04-20 14:54:03.456 11241100x800000000000000063822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll2021-04-20 14:54:03.456 11241100x800000000000000063821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL2021-04-20 14:54:03.456 11241100x800000000000000063820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSSOAP30.DLL2021-04-20 14:54:03.456 11241100x800000000000000063819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso98win32client.dll2021-04-20 14:54:03.456 11241100x800000000000000063818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE2021-04-20 14:54:03.456 11241100x800000000000000063817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ODATACPP.DLL2021-04-20 14:54:03.456 11241100x800000000000000063816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.394{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OFFREL.DLL2021-04-20 14:54:03.394 23542300x800000000000000063815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.394{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B272D8F8B5C47513F04621179B13FA9A,SHA256=8BAD591C8C82F3FD852C809C9B4189551562F4DD5B43EC78E17C92CD14B7E01B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\TextIntelligence.dll2021-04-20 14:54:03.378 11241100x800000000000000063813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\WXPNSE.DLL2021-04-20 14:54:03.378 11241100x800000000000000063812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\PROOF\MSLID.DLL2021-04-20 14:54:03.378 11241100x800000000000000063811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FPERSON.DLL2021-04-20 14:54:03.378 11241100x800000000000000063810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXT2021-04-20 14:54:03.378 11241100x800000000000000063809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:03.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE2021-04-20 14:54:03.362 11241100x800000000000000063808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUIRES.DLL2021-04-20 14:54:03.331 10341000x800000000000000063807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB0B-607E-740B-00000000BB01}3828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB0B-607E-740B-00000000BB01}3828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.315{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB0B-607E-740B-00000000BB01}3828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.175{A7A01FEF-EB0B-607E-740B-00000000BB01}3828C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Web Server Extensions\16\BIN\FPSRVUTL.DLL2021-04-20 14:54:03.284 11241100x800000000000000063798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\System\ole db\xmlrw.dll2021-04-20 14:54:03.284 11241100x800000000000000063797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\System\ole db\xmlrwbin.dll2021-04-20 14:54:03.284 11241100x800000000000000063796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADAL.DLL2021-04-20 14:54:03.269 11241100x800000000000000063795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.269{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLL2021-04-20 14:54:03.269 11241100x800000000000000063794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:03.222 11241100x800000000000000063788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\ai.dll2021-04-20 14:54:03.222 11241100x800000000000000063783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:03.222 11241100x800000000000000063775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:03.206 11241100x800000000000000063774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:03.206 11241100x800000000000000063773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:03.206 11241100x800000000000000063772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:03.206 11241100x800000000000000063771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Csi.dll2021-04-20 14:54:03.159 11241100x800000000000000063770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:03.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso50win32client.dll2021-04-20 14:54:03.159 23542300x800000000000000049450Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:03.915{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EDFE8A5C07F14CFB092D1C1AE8701CE8,SHA256=94F856E3D44CBC4D7F1A85608FAC11EFE554B94A8C5503096521A4910189B5A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049449Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:03.134{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD80596198314E7829CFC2FD78323EC6,SHA256=BCCBE4621FB3A2DE3498AFB0D023B5D0E1EA105ED6C8B660A9334A34E47C091A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SHAREPOINTPROVIDER.DLL2021-04-20 14:54:04.925 11241100x800000000000000063929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SignalRClient.dll2021-04-20 14:54:04.925 11241100x800000000000000063928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.893{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SkypeSrv\MSO20SKYPEWIN32.DLL2021-04-20 14:54:04.878 11241100x800000000000000063927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SOA.DLL2021-04-20 14:54:04.878 11241100x800000000000000063926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\STSLIST.DLL2021-04-20 14:54:04.847 11241100x800000000000000063925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Tec.dll2021-04-20 14:54:04.847 11241100x800000000000000063924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TecProxy.dll2021-04-20 14:54:04.847 11241100x800000000000000063923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TellMeRuntime.dll2021-04-20 14:54:04.847 11241100x800000000000000063922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\TextConversionModule.dll2021-04-20 14:54:04.847 11241100x800000000000000063921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Ucmp.dll2021-04-20 14:54:04.847 354300x800000000000000063920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.452{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57481-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000063919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.452{A7A01FEF-B622-607E-0100-00000000BB01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57481-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local445microsoft-ds 354300x800000000000000063918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:02.950{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55973-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000063917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:04.831{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1897BEF78430515F6DC73D9CC98860BE,SHA256=B2218CA45ADC2B073BC02902B7ADA3D7A75F90BD4F1E25A8030095934E588CB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000063916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:04.831{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=935E7F40B08EA665A3F83C5337237F7D,SHA256=18B01EDE0DD259102CD5ABC2FBB580ADBFC0BD21754EB964CDA736796D5A0538,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\upe.dll2021-04-20 14:54:04.815 11241100x800000000000000063914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.722{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\v8jsi.dll2021-04-20 14:54:04.722 11241100x800000000000000063913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VVIEWDWG.DLL2021-04-20 14:54:04.675 11241100x800000000000000063912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VVIEWER.DLL2021-04-20 14:54:04.565 11241100x800000000000000063911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WEBSANDBOX.DLL2021-04-20 14:54:04.550 11241100x800000000000000063910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WebView2Loader.dll2021-04-20 14:54:04.550 11241100x800000000000000063909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\windowsspeakerrecosdk.dll2021-04-20 14:54:04.550 11241100x800000000000000063908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Wordcnvr.dll2021-04-20 14:54:04.440 11241100x800000000000000063907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:04.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WORDICON.EXE2021-04-20 14:54:04.362 11241100x800000000000000063906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:04.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\XLICONS.EXE2021-04-20 14:54:04.347 11241100x800000000000000063905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\XLINTL32.COMMON.DLL2021-04-20 14:54:04.315 11241100x800000000000000063904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DBGCORE.DLL2021-04-20 14:54:04.300 11241100x800000000000000063903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DBGHELP.DLL2021-04-20 14:54:04.284 11241100x800000000000000063902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE2021-04-20 14:54:04.268 11241100x800000000000000063901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DWTRIG20.EXE2021-04-20 14:54:04.268 11241100x800000000000000063899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:04.268 11241100x800000000000000063896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:04.268 11241100x800000000000000063878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcp120.dll2021-04-20 14:54:04.253 11241100x800000000000000063877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcr120.dll2021-04-20 14:54:04.253 11241100x800000000000000063876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\ucrtbase.dll2021-04-20 14:54:04.253 11241100x800000000000000063875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\hxds.dll2021-04-20 14:54:04.237 11241100x800000000000000063874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.237{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\itircl55.dll2021-04-20 14:54:04.237 11241100x800000000000000063873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\msitss55.dll2021-04-20 14:54:04.222 11241100x800000000000000063872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\MSClientDataMgr\MSCDM.DLL2021-04-20 14:54:04.222 11241100x800000000000000063871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODATASERVICE.DLL2021-04-20 14:54:04.222 11241100x800000000000000063870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODBC.DLL2021-04-20 14:54:04.222 11241100x800000000000000063869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEOLEDB.DLL2021-04-20 14:54:04.222 11241100x800000000000000063868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEWSS.DLL2021-04-20 14:54:04.222 11241100x800000000000000063867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.222{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEXBE.DLL2021-04-20 14:54:04.222 11241100x800000000000000063866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADALPREVIOUS.DLL2021-04-20 14:54:04.206 11241100x800000000000000063865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AIRWER.DLL2021-04-20 14:54:04.206 11241100x800000000000000063864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:04.206 11241100x800000000000000063861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:04.206 11241100x800000000000000063856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:04.190 11241100x800000000000000063855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:04.190 11241100x800000000000000063854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:04.190 10341000x800000000000000063853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:04.143{A7A01FEF-EB0B-607E-750B-00000000BB01}64887084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000063852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.DataFeedClient.dll2021-04-20 14:54:04.128 11241100x800000000000000063851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.Edm.dll2021-04-20 14:54:04.128 11241100x800000000000000063850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:04.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.Odata.dll2021-04-20 14:54:04.112 23542300x800000000000000049452Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:04.165{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2B5F0AB1E5A2FB03F4EE97E5A9430BD,SHA256=36FDFDA24139474DEB08B72BF33380782BFB5AF7B11D20AFA2B495500842DA93,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049451Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:01.649{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52479-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 11241100x800000000000000063967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OneNote\SendToOneNoteFilter.dll2021-04-20 14:54:05.987 11241100x800000000000000063966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTEW32.DLL2021-04-20 14:54:05.956 354300x800000000000000063965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:04.279{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com57478-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000063964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:04.169{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57482-false10.0.1.12-8000- 354300x800000000000000063963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:03.874{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-17018-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000063962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONMAINW32.DLL2021-04-20 14:54:05.815 11241100x800000000000000063961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONPPTAddin.dll2021-04-20 14:54:05.815 11241100x800000000000000063960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONWordAddin.dll2021-04-20 14:54:05.815 11241100x800000000000000063959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.789{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSF.DLL2021-04-20 14:54:05.789 11241100x800000000000000063958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.789{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFSHARED.DLL2021-04-20 14:54:05.789 11241100x800000000000000063957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.768{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OsfTaskengine.dll2021-04-20 14:54:05.768 11241100x800000000000000063956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.768{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFUI.DLL2021-04-20 14:54:05.768 11241100x800000000000000063955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.722{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLFLTR.DLL2021-04-20 14:54:05.722 11241100x800000000000000063954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000042\mecontrol.win32.bundle.LICENSE.txt2021-04-20 14:54:05.690 11241100x800000000000000063953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookReactNative\SearchView\NOTICE.txt2021-04-20 14:54:05.690 11241100x800000000000000063952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLLIBR.COMMON.DLL2021-04-20 14:54:05.675 11241100x800000000000000063951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLMIME.DLL2021-04-20 14:54:05.675 11241100x800000000000000063950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLPH.DLL2021-04-20 14:54:05.659 11241100x800000000000000063949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookWebHost.dll2021-04-20 14:54:05.659 11241100x800000000000000063948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.628{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview.win32.bundle.tpn.txt2021-04-20 14:54:05.612 11241100x800000000000000063947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000018\cardview.win32.bundle.LICENSE.txt2021-04-20 14:54:05.612 11241100x800000000000000063946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SAEXT.DLL2021-04-20 14:54:05.597 11241100x800000000000000063945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SDXHelper.exe2021-04-20 14:54:05.597 11241100x800000000000000063944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rtmmvrhw.dll2021-04-20 14:54:05.597 11241100x800000000000000063943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PEOPLEDATAHANDLER.DLL2021-04-20 14:54:05.597 11241100x800000000000000063942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rtmvc1decmft.dll2021-04-20 14:54:05.597 11241100x800000000000000063941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\RTC.DLL2021-04-20 14:54:05.597 11241100x800000000000000063940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PersonaSpy\notice.txt2021-04-20 14:54:05.597 11241100x800000000000000063939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:05.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPTICO.EXE2021-04-20 14:54:05.534 11241100x800000000000000063938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msgr3jp.dll2021-04-20 14:54:05.534 11241100x800000000000000063937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBCONV.DLL2021-04-20 14:54:05.503 11241100x800000000000000063936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUB6INTL.COMMON.DLL2021-04-20 14:54:05.503 11241100x800000000000000063935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PSTPRX32.DLL2021-04-20 14:54:05.503 11241100x800000000000000063934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:05.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\protocolhandler.exe2021-04-20 14:54:05.503 11241100x800000000000000063933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000049\index.win32.bundle.LICENSE.txt2021-04-20 14:54:05.503 23542300x800000000000000063932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.034{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6D387787D4C2CAAA6F6E4360F8306E87,SHA256=06B54F01873C57C272D6E89815F4B502D599293D64C2F01F9CC653E833D30259,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxs\FA000000056\index.win32.bundle.LICENSE.txt2021-04-20 14:54:05.003 23542300x800000000000000049455Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:05.228{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A828242A8D6255E50D492E49D42D390,SHA256=071DCE6A961498C9058ADF63A02789D9E084068C90A7DB8B5399E5BC700E1233,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049454Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:03.072{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50206-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049453Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:03.008{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com55464-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.323{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-18385-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.222{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-21115-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.909{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4D8EC231223B536C2B1B5CF0729D4D75,SHA256=D6418BCF731AFFA6BCC157AACCAA21CE986E4F8BAFB1855574B21C13663DDE5C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:06.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoia.exe2021-04-20 14:54:06.909 11241100x800000000000000064017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7Lexicons0011.DLL2021-04-20 14:54:06.862 11241100x800000000000000064016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NL7Models0011.DLL2021-04-20 14:54:06.862 11241100x800000000000000064015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSTYLE.DLL2021-04-20 14:54:06.862 11241100x800000000000000064014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSVCP140_APP.DLL2021-04-20 14:54:06.862 11241100x800000000000000064013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSPECTRE.DLL2021-04-20 14:54:06.862 11241100x800000000000000064012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OARTODF.DLL2021-04-20 14:54:06.862 23542300x800000000000000064011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.862{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93316DACA561B628559681DDC0950F70,SHA256=C1F44F5815F2CCD98E174B86EEA014D7DAECD83407C34C10FCD0954330E87429,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSVG.DLL2021-04-20 14:54:06.862 11241100x800000000000000064009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msotdaddin.dll2021-04-20 14:54:06.784 11241100x800000000000000064008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCIntlDate.dll2021-04-20 14:54:06.784 11241100x800000000000000064007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocmsptls.dll2021-04-20 14:54:06.784 11241100x800000000000000064006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OcOffice.dll2021-04-20 14:54:06.784 11241100x800000000000000064005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocogl.dll2021-04-20 14:54:06.784 11241100x800000000000000064004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocpptview.dll2021-04-20 14:54:06.784 11241100x800000000000000064003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocppvwintl.dll2021-04-20 14:54:06.784 11241100x800000000000000064002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCSAEXT.dll2021-04-20 14:54:06.784 11241100x800000000000000064001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCSCLIENTWIN32.DLL2021-04-20 14:54:06.643 11241100x800000000000000064000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\amazonredshiftodbc_sb64.dll2021-04-20 14:54:06.597 11241100x800000000000000063999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\ssleay32.dll2021-04-20 14:54:06.597 11241100x800000000000000063998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\sbicudt53_64.dll2021-04-20 14:54:06.487 11241100x800000000000000063997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll2021-04-20 14:54:06.472 11241100x800000000000000063996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Redshift\lib\sbicuuc53_64.dll2021-04-20 14:54:06.409 11241100x800000000000000063995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.393{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl.dll2021-04-20 14:54:06.393 11241100x800000000000000063994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll2021-04-20 14:54:06.378 11241100x800000000000000063993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll2021-04-20 14:54:06.378 11241100x800000000000000063992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libcrypto-1_1-x64.dll2021-04-20 14:54:06.362 11241100x800000000000000063991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll2021-04-20 14:54:06.362 23542300x800000000000000063990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.206{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BCE693E53361DF9CFBCA2A3B13BAA1D,SHA256=CB09C00F191B6970891B042993407BDB40F759A63C255301960572E20F5E801C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000063989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sbicudt58_64.dll2021-04-20 14:54:06.175 11241100x800000000000000063988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sbicuin58_64.dll2021-04-20 14:54:06.159 11241100x800000000000000063987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.143{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sbicuuc58_64.dll2021-04-20 14:54:06.143 11241100x800000000000000063986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll2021-04-20 14:54:06.065 11241100x800000000000000063985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBCTRAC.DLL2021-04-20 14:54:06.065 11241100x800000000000000063984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:06.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\officeappguardwin32.exe2021-04-20 14:54:06.050 11241100x800000000000000063983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFICEJS_EXCEL.DLL2021-04-20 14:54:06.050 11241100x800000000000000063982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OIMG.DLL2021-04-20 14:54:06.018 11241100x800000000000000063981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OLKFSTUB.DLL2021-04-20 14:54:06.018 11241100x800000000000000063980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMICAUT.DLL2021-04-20 14:54:06.018 10341000x800000000000000063979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB0D-607E-760B-00000000BB01}6468C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-B625-607E-0C00-00000000BB01}6684872C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000063974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB0D-607E-760B-00000000BB01}6468C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000063973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.003{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB0D-607E-760B-00000000BB01}6468C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000063972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:05.863{A7A01FEF-EB0D-607E-760B-00000000BB01}6468C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 11241100x800000000000000063971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnPPT.dll2021-04-20 14:54:06.003 11241100x800000000000000063970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMRAUT.DLL2021-04-20 14:54:06.003 11241100x800000000000000063969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:06.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnWD.dll2021-04-20 14:54:05.987 11241100x800000000000000063968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:05.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONECLIENTW32.DLL2021-04-20 14:54:05.987 23542300x800000000000000049458Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:06.947{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=66A0F64C981FFCD3858F821A91820236,SHA256=47110550CF18B2E7723BAB29E8B919ED43879E1A2C2DAFF51DCC7CF29F846DC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049457Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:06.260{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7A5F4AB937082C0275DD993FC0EE8DF,SHA256=B2710144D2C1A1EF85FBC00025B8043CA435C7616E8714ABE63E3302F5B7EAFC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049456Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:04.313{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65110-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll2021-04-20 14:54:07.971 11241100x800000000000000064054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\pdf2text.dll2021-04-20 14:54:07.971 11241100x800000000000000064053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ChakraCore.Debugger.dll2021-04-20 14:54:07.971 11241100x800000000000000064052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\appshcom.dll2021-04-20 14:54:07.971 11241100x800000000000000064051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\card_expiration_terms_dict.txt2021-04-20 14:54:07.971 11241100x800000000000000064050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\card_security_terms_dict.txt2021-04-20 14:54:07.971 11241100x800000000000000064049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\card_terms_dict.txt2021-04-20 14:54:07.690 354300x800000000000000064048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.747{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-19750-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.715{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-22479-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.298{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52480-false10.0.1.14win-dc-339.attackrange.local49676- 11241100x800000000000000064045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Configuration\ssn_high_group_info.txt2021-04-20 14:54:07.690 11241100x800000000000000064044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\cpprestsdk.dll2021-04-20 14:54:07.675 11241100x800000000000000064043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\csi.dll2021-04-20 14:54:07.612 11241100x800000000000000064042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSIRESOURCES.DLL2021-04-20 14:54:07.597 11241100x800000000000000064041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DBGCORE.DLL2021-04-20 14:54:07.597 11241100x800000000000000064040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EntityDataHandler.dll2021-04-20 14:54:07.597 11241100x800000000000000064039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.597{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EntityPicker.dll2021-04-20 14:54:07.597 11241100x800000000000000064038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.550{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EXSEC32.DLL2021-04-20 14:54:07.534 11241100x800000000000000064037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\FilterModule.dll2021-04-20 14:54:07.534 11241100x800000000000000064036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GFX.DLL2021-04-20 14:54:07.503 11241100x800000000000000064035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GKPowerPoint.dll2021-04-20 14:54:07.487 11241100x800000000000000064034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GKWord.dll2021-04-20 14:54:07.456 11241100x800000000000000064033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCard\TPN.txt2021-04-20 14:54:07.440 11241100x800000000000000064032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\LivePersonaCardRollback\TPN.txt2021-04-20 14:54:07.440 11241100x800000000000000064031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lpklegal.txt2021-04-20 14:54:07.425 11241100x800000000000000064030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:07.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Lync2013_Third_Party_Notices.txt2021-04-20 14:54:07.425 11241100x800000000000000064029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:07.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lync99.exe2021-04-20 14:54:07.425 11241100x800000000000000064028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MAPIPH.DLL2021-04-20 14:54:07.425 11241100x800000000000000064027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Microsoft.Ink.Recognition.DLL2021-04-20 14:54:07.284 11241100x800000000000000064026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Microsoft.Office.PolicyTips.dll2021-04-20 14:54:07.284 11241100x800000000000000064025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MIMEDIR.DLL2021-04-20 14:54:07.284 11241100x800000000000000064024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MORPH9.DLL2021-04-20 14:54:07.284 11241100x800000000000000064023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSBARCODE.DLL2021-04-20 14:54:07.284 11241100x800000000000000064022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:07.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mset7.dll2021-04-20 14:54:07.284 23542300x800000000000000049461Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:07.307{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=086F06ED60AC08AA452541CABE50DDA8,SHA256=B4CC03BB7C2226D33118A4FED532F67E1270C67811CE714AA33C3993E82817CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049460Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:04.730{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51675-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049459Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:04.620{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com60193-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:06.872{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57886- 11241100x800000000000000064068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLMF.DLL2021-04-20 14:54:08.659 11241100x800000000000000064067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso20win32client.dll2021-04-20 14:54:08.659 23542300x800000000000000064066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:08.534{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=54DCA8D100B3862C916EFD8F6A9674B7,SHA256=58AA830DF19F3EFB63F9D1805215DAED810B7C5C18D9CE3FC36401EB65CE1D9B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office15\pidgenx.dll2021-04-20 14:54:08.268 11241100x800000000000000064064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll2021-04-20 14:54:08.128 11241100x800000000000000064063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL2021-04-20 14:54:08.128 11241100x800000000000000064062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL2021-04-20 14:54:08.112 11241100x800000000000000064061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Outlook.dll2021-04-20 14:54:08.112 11241100x800000000000000064060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL2021-04-20 14:54:08.112 23542300x800000000000000064059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:08.112{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A96B1FEDB837CD54CB804A91E2EEE99E,SHA256=BBCF258BE628DB1C06E1E14539F83423CAB095DBB5B7056F49343C488D913609,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\otkloadr_x64.dll2021-04-20 14:54:08.112 11241100x800000000000000064057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll2021-04-20 14:54:08.112 11241100x800000000000000064056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:08.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\MSOSEC.DLL2021-04-20 14:54:08.112 23542300x800000000000000049463Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:08.338{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB71EB5E78C909168789B21DA20C740B,SHA256=04769194C0A62A88E23DDB93A18CADD6F4BA45ED4E2F098C9C386CAE30E073BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049462Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:05.852{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52480-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal49676- 11241100x800000000000000064158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.847{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1XTOR.DLL2021-04-20 14:54:09.675 11241100x800000000000000064157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.706{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFROAMINGPROXY.DLL2021-04-20 14:54:09.706 11241100x800000000000000064156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLRPC.DLL2021-04-20 14:54:09.690 11241100x800000000000000064155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLVBS.DLL2021-04-20 14:54:09.690 11241100x800000000000000064154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OfficeJs_Core.DLL2021-04-20 14:54:09.690 11241100x800000000000000064153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SOCIALPROVIDER.DLL2021-04-20 14:54:09.675 11241100x800000000000000064152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SEQCHK10.DLL2021-04-20 14:54:09.675 11241100x800000000000000064151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VCRUNTIME140_APP.DLL2021-04-20 14:54:09.675 11241100x800000000000000064150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VCCORLIB140_APP.DLL2021-04-20 14:54:09.675 11241100x800000000000000064149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SENDTO.DLL2021-04-20 14:54:09.675 11241100x800000000000000064148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SDXHelperBgt.exe2021-04-20 14:54:09.675 11241100x800000000000000064147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\REFEDIT.DLL2021-04-20 14:54:09.675 11241100x800000000000000064146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\RECALL.DLL2021-04-20 14:54:09.675 11241100x800000000000000064145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PRTF9.DLL2021-04-20 14:54:09.675 11241100x800000000000000064144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPSLAX.DLL2021-04-20 14:54:09.675 11241100x800000000000000064143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1CORE.DLL2021-04-20 14:54:09.675 11241100x800000000000000064142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\MSCONV97.DLL2021-04-20 14:54:09.675 11241100x800000000000000064141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe2021-04-20 14:54:09.675 11241100x800000000000000064140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\MOFL.DLL2021-04-20 14:54:09.675 11241100x800000000000000064139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.DLL2021-04-20 14:54:09.675 11241100x800000000000000064138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\IMCONTACT.DLL2021-04-20 14:54:09.675 11241100x800000000000000064137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\IETAG.DLL2021-04-20 14:54:09.675 11241100x800000000000000064136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.675{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FDATE.DLL2021-04-20 14:54:09.628 11241100x800000000000000064135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.628{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\concrt140.dll2021-04-20 14:54:09.628 11241100x800000000000000064134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.628{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vccorlib140.dll2021-04-20 14:54:09.628 11241100x800000000000000064133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.628{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ucrtbase.dll2021-04-20 14:54:09.612 11241100x800000000000000064132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\mfc140u.dll2021-04-20 14:54:09.612 11241100x800000000000000064131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FBIBLIO.DLL2021-04-20 14:54:09.612 11241100x800000000000000064130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll2021-04-20 14:54:09.612 11241100x800000000000000064129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\WISC30.DLL2021-04-20 14:54:09.612 11241100x800000000000000064128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\VBAJET32.DLL2021-04-20 14:54:09.612 11241100x800000000000000064127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OPTINPS.DLL2021-04-20 14:54:09.612 11241100x800000000000000064126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\VISSHE.DLL2021-04-20 14:54:09.612 11241100x800000000000000064125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SkypeSrv\SKYPESERVER.EXE2021-04-20 14:54:09.612 11241100x800000000000000064124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.612{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SkypeSrv\SFBAPPSDK.DLL2021-04-20 14:54:09.596 11241100x800000000000000064123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.596{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MUOPTIN.DLL2021-04-20 14:54:09.596 11241100x800000000000000064122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.596{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\URLREDIR.DLL2021-04-20 14:54:09.596 11241100x800000000000000064121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.596{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\msmgdsrv_xl.dll2021-04-20 14:54:09.596 11241100x800000000000000064120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.596{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.SqlServer.Configuration.SString.dll2021-04-20 14:54:09.503 11241100x800000000000000064119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\vcruntime140.dll2021-04-20 14:54:09.503 11241100x800000000000000064118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLL2021-04-20 14:54:09.503 11241100x800000000000000064117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\vccorlib140.dll2021-04-20 14:54:09.503 11241100x800000000000000064116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\msvcp140.dll2021-04-20 14:54:09.503 11241100x800000000000000064115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\mfc140u.dll2021-04-20 14:54:09.503 11241100x800000000000000064114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\concrt140.dll2021-04-20 14:54:09.503 11241100x800000000000000064113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\sdxbgt.dll2021-04-20 14:54:09.503 11241100x800000000000000064112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\scdec.dll2021-04-20 14:54:09.503 11241100x800000000000000064111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\react-native-sdk.dll2021-04-20 14:54:09.503 11241100x800000000000000064110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msotelemetry.dll2021-04-20 14:54:09.503 11241100x800000000000000064109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoianetutil.dll2021-04-20 14:54:09.503 11241100x800000000000000064108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoetwres.dll2021-04-20 14:54:09.503 11241100x800000000000000064107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msix.dll2021-04-20 14:54:09.503 11241100x800000000000000064106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\excelcnvpxy.dll2021-04-20 14:54:09.503 11241100x800000000000000064105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\XLCALL32.DLL2021-04-20 14:54:09.503 11241100x800000000000000064104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Office.Excel.DataModel.dll2021-04-20 14:54:09.503 11241100x800000000000000064103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Tabular.dll2021-04-20 14:54:09.503 11241100x800000000000000064102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.SPClient.Interfaces.dll2021-04-20 14:54:09.503 11241100x800000000000000064101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Amo.dll2021-04-20 14:54:09.503 11241100x800000000000000064100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Amo.Core.dll2021-04-20 14:54:09.503 11241100x800000000000000064099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.AdomdClient.dll2021-04-20 14:54:09.503 11241100x800000000000000064098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.ConnectionUI.dll2021-04-20 14:54:09.503 11241100x800000000000000064097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.ConnectionUI.Dialog.dll2021-04-20 14:54:09.362 11241100x800000000000000064096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.AnalysisServices.Excel.BackEnd.dll2021-04-20 14:54:09.362 11241100x800000000000000064095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.AnalysisServices.Common.dll2021-04-20 14:54:09.362 11241100x800000000000000064094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACETXT.DLL2021-04-20 14:54:09.362 11241100x800000000000000064093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODDBS.DLL2021-04-20 14:54:09.362 11241100x800000000000000064092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODATA.DLL2021-04-20 14:54:09.362 11241100x800000000000000064091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODEXL.DLL2021-04-20 14:54:09.362 11241100x800000000000000064090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEEXCH.DLL2021-04-20 14:54:09.362 11241100x800000000000000064089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODTXT.DLL2021-04-20 14:54:09.362 11241100x800000000000000064088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140_1.dll2021-04-20 14:54:09.362 11241100x800000000000000064087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vcruntime140.dll2021-04-20 14:54:09.362 11241100x800000000000000064086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll2021-04-20 14:54:09.362 11241100x800000000000000064085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:09.347 11241100x800000000000000064084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:09.347 11241100x800000000000000064083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.347{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\EXP_XPS.DLL2021-04-20 14:54:09.112 11241100x800000000000000064074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSO99LRES.DLL2021-04-20 14:54:09.112 11241100x800000000000000064073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:09.112 11241100x800000000000000064072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSO40UIRES.DLL2021-04-20 14:54:09.112 11241100x800000000000000064071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:09.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSO.DLL2021-04-20 14:54:09.112 23542300x800000000000000064070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:09.112{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39CC7D62F228809550AFF2E0421D90F7,SHA256=32D4A86026AA5993E3FC4AA8AFEA63A5044B411E61B992398C429B0D71DC4AB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049467Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:09.463{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=98333A0389289BD6A836B124BCB8879C,SHA256=45C7C15924ECCC63A98A6BAFD0305353DEDCF1B1A6282D18D5D586DE3BBA21B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049466Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:09.369{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=809F45D6119C63C442390EBD0C991ADE,SHA256=B60EBEF3467315E1A93D5557137A5BB7B9DFFD51F9ED8F8D84D4697413897D1B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049465Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:06.650{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52481-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049464Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:06.219{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53143-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064308Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.893{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll2021-04-20 14:54:10.893 11241100x800000000000000064307Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.893{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll2021-04-20 14:54:10.878 11241100x800000000000000064306Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll2021-04-20 14:54:10.878 11241100x800000000000000064305Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll2021-04-20 14:54:10.878 11241100x800000000000000064304Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.NetFX35.dll2021-04-20 14:54:10.878 11241100x800000000000000064303Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.Runtime.InteropServices.RuntimeInformation.dll2021-04-20 14:54:10.878 11241100x800000000000000064302Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll2021-04-20 14:54:10.878 11241100x800000000000000064301Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MsoAriaCApiWrapper.dll2021-04-20 14:54:10.878 11241100x800000000000000064300Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Excel.dll2021-04-20 14:54:10.878 11241100x800000000000000064299Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll2021-04-20 14:54:10.878 11241100x800000000000000064298Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll2021-04-20 14:54:10.878 11241100x800000000000000064297Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll2021-04-20 14:54:10.878 11241100x800000000000000064296Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll2021-04-20 14:54:10.878 11241100x800000000000000064295Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe2021-04-20 14:54:10.878 11241100x800000000000000064294Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Themes.dll2021-04-20 14:54:10.878 11241100x800000000000000064293Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll2021-04-20 14:54:10.878 11241100x800000000000000064292Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll2021-04-20 14:54:10.878 11241100x800000000000000064291Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Packaging.dll2021-04-20 14:54:10.878 11241100x800000000000000064290Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe2021-04-20 14:54:10.878 11241100x800000000000000064289Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll2021-04-20 14:54:10.878 11241100x800000000000000064288Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.UI.dll2021-04-20 14:54:10.878 11241100x800000000000000064287Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll2021-04-20 14:54:10.878 11241100x800000000000000064286Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll2021-04-20 14:54:10.690 11241100x800000000000000064285Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll2021-04-20 14:54:10.690 11241100x800000000000000064284Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll2021-04-20 14:54:10.690 11241100x800000000000000064283Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll2021-04-20 14:54:10.690 11241100x800000000000000064282Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll2021-04-20 14:54:10.690 11241100x800000000000000064281Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.PowerBI.AdomdClient.dll2021-04-20 14:54:10.690 11241100x800000000000000064280Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll2021-04-20 14:54:10.690 11241100x800000000000000064279Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.ProgramSynthesis.dll2021-04-20 14:54:10.690 11241100x800000000000000064278Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.V7.dll2021-04-20 14:54:10.690 11241100x800000000000000064277Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll2021-04-20 14:54:10.690 11241100x800000000000000064276Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Newtonsoft.Json.dll2021-04-20 14:54:10.690 11241100x800000000000000064275Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Collections.Immutable.dll2021-04-20 14:54:10.440 11241100x800000000000000064274Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Spatial.NetFX35.dll2021-04-20 14:54:10.425 11241100x800000000000000064273Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll2021-04-20 14:54:10.425 11241100x800000000000000064272Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll2021-04-20 14:54:10.425 11241100x800000000000000064271Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINCORE.DLL2021-04-20 14:54:10.425 11241100x800000000000000064270Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINDATAPROVIDER.DLL2021-04-20 14:54:10.425 11241100x800000000000000064269Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\POWERMAPCLASSIFICATION.DLL2021-04-20 14:54:10.409 11241100x800000000000000064268Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL2021-04-20 14:54:10.409 11241100x800000000000000064267Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHARTCOMMON.DLL2021-04-20 14:54:10.409 11241100x800000000000000064266Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL2021-04-20 14:54:10.409 11241100x800000000000000064265Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.393{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCONTROL.DLL2021-04-20 14:54:10.393 11241100x800000000000000064264Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONDIRECTX.DLL2021-04-20 14:54:10.378 11241100x800000000000000064263Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONENGINE.DLL2021-04-20 14:54:10.378 11241100x800000000000000064262Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONGRAPHICS.DLL2021-04-20 14:54:10.378 11241100x800000000000000064261Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL2021-04-20 14:54:10.362 11241100x800000000000000064260Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdClient.dll2021-04-20 14:54:10.362 11241100x800000000000000064259Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll2021-04-20 14:54:10.362 11241100x800000000000000064258Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.Diagnostics.dll2021-04-20 14:54:10.362 11241100x800000000000000064257Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll2021-04-20 14:54:10.346 11241100x800000000000000064256Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll2021-04-20 14:54:10.346 11241100x800000000000000064255Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.dll2021-04-20 14:54:10.346 11241100x800000000000000064254Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll2021-04-20 14:54:10.346 11241100x800000000000000064253Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Interfaces.dll2021-04-20 14:54:10.346 11241100x800000000000000064252Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll2021-04-20 14:54:10.346 11241100x800000000000000064251Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll2021-04-20 14:54:10.300 11241100x800000000000000064250Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dll2021-04-20 14:54:10.300 11241100x800000000000000064249Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll2021-04-20 14:54:10.300 11241100x800000000000000064248Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll2021-04-20 14:54:10.300 11241100x800000000000000064247Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.300{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll2021-04-20 14:54:10.300 11241100x800000000000000064246Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll2021-04-20 14:54:10.284 11241100x800000000000000064245Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AugLoop\third-party-notices.txt2021-04-20 14:54:10.284 11241100x800000000000000064244Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.dll2021-04-20 14:54:10.268 11241100x800000000000000064243Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Appshapi.dll2021-04-20 14:54:10.268 11241100x800000000000000064242Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\appshvw.dll2021-04-20 14:54:10.268 11241100x800000000000000064241Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll2021-04-20 14:54:10.268 11241100x800000000000000064240Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll2021-04-20 14:54:10.268 11241100x800000000000000064239Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll2021-04-20 14:54:10.268 11241100x800000000000000064238Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ScriptDom.dll2021-04-20 14:54:10.268 11241100x800000000000000064237Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Layout.dll2021-04-20 14:54:10.253 11241100x800000000000000064236Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.DLL2021-04-20 14:54:10.253 11241100x800000000000000064235Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll2021-04-20 14:54:10.253 11241100x800000000000000064234Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll2021-04-20 14:54:10.253 11241100x800000000000000064233Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll2021-04-20 14:54:10.221 11241100x800000000000000064232Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Dallas.OAuthClient.dll2021-04-20 14:54:10.221 11241100x800000000000000064231Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.dll2021-04-20 14:54:10.221 11241100x800000000000000064230Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL2021-04-20 14:54:10.221 11241100x800000000000000064229Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll2021-04-20 14:54:10.221 11241100x800000000000000064228Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll2021-04-20 14:54:10.221 11241100x800000000000000064227Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll2021-04-20 14:54:10.221 11241100x800000000000000064226Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.MDXQueryGenerator.dll2021-04-20 14:54:10.206 11241100x800000000000000064225Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dll2021-04-20 14:54:10.206 11241100x800000000000000064224Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.DataWarehouse.Interfaces.DLL2021-04-20 14:54:10.206 11241100x800000000000000064223Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.DataWarehouse.dll2021-04-20 14:54:10.206 11241100x800000000000000064222Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll2021-04-20 14:54:10.190 11241100x800000000000000064221Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll2021-04-20 14:54:10.190 23542300x800000000000000064220Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.190{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF87C9DC0C0B70F4FAC8308A45077665,SHA256=961B691CB4DE7561E6D13D8FBA2131A5F94411D0B6621CC74ECAB714879EDA8C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064219Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll2021-04-20 14:54:10.175 11241100x800000000000000064218Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.PowerPivot.ExcelAddIn.dll2021-04-20 14:54:10.175 11241100x800000000000000064217Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportViewer.Common.dll2021-04-20 14:54:10.112 11241100x800000000000000064216Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONLNTCOMLIB.DLL2021-04-20 14:54:10.112 11241100x800000000000000064215Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONFILTER.DLL2021-04-20 14:54:10.112 11241100x800000000000000064214Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnIELinkedNotes.dll2021-04-20 14:54:10.112 11241100x800000000000000064213Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnIE.dll2021-04-20 14:54:10.112 11241100x800000000000000064212Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OLCFG.EXE2021-04-20 14:54:10.112 11241100x800000000000000064211Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMSXP32.DLL2021-04-20 14:54:10.112 11241100x800000000000000064210Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OMSMAIN.DLL2021-04-20 14:54:10.112 11241100x800000000000000064209Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll2021-04-20 14:54:10.112 11241100x800000000000000064208Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportViewer.WinForms.dll2021-04-20 14:54:10.112 11241100x800000000000000064207Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\zlibwapi.dll2021-04-20 14:54:10.112 11241100x800000000000000064206Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll2021-04-20 14:54:10.112 11241100x800000000000000064205Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll2021-04-20 14:54:10.112 734700x800000000000000064204Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\wbem\fastprox.dll10.0.14393.0 (rs1_release.160715-1616)WMI Custom MarshallerMicrosoft® Windows® Operating SystemMicrosoft Corporationfastprox.dllMD5=C2F7834269D565263C65757EDE37A66C,SHA256=17651A35255229CE95F065CA1BCCC4867B43DA879D72AFCC91FBA4768225C7D3,IMPHASH=481A52B415277FC8692C7D6D9EA3475CtrueMicrosoft WindowsValid 11241100x800000000000000064203Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OCHelper.dll2021-04-20 14:54:10.081 11241100x800000000000000064202Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NAME.DLL2021-04-20 14:54:10.081 11241100x800000000000000064201Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NAMECONTROLPROXY.DLL2021-04-20 14:54:10.081 11241100x800000000000000064200Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MeetingJoinAxOC.dll2021-04-20 14:54:10.081 11241100x800000000000000064199Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSRTEDIT.DLL2021-04-20 14:54:10.081 11241100x800000000000000064198Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOHEVI.DLL2021-04-20 14:54:10.081 11241100x800000000000000064197Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSREC.EXE2021-04-20 14:54:10.081 11241100x800000000000000064196Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOARIANEXT.DLL2021-04-20 14:54:10.081 11241100x800000000000000064195Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOARIACAPI.DLL2021-04-20 14:54:10.081 11241100x800000000000000064194Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOADFPS.DLL2021-04-20 14:54:10.081 11241100x800000000000000064193Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll2021-04-20 14:54:10.081 11241100x800000000000000064192Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Interfaces.dll2021-04-20 14:54:10.081 11241100x800000000000000064191Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Forms.dll2021-04-20 14:54:10.081 11241100x800000000000000064190Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll2021-04-20 14:54:10.081 11241100x800000000000000064189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSIPC\ipcsecproc.dll2021-04-20 14:54:10.065 11241100x800000000000000064188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Configuration.SString.dll2021-04-20 14:54:10.065 11241100x800000000000000064187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll2021-04-20 14:54:10.065 11241100x800000000000000064186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DLGSETP.DLL2021-04-20 14:54:10.065 11241100x800000000000000064185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ENVELOPE.DLL2021-04-20 14:54:10.065 11241100x800000000000000064184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\OFFICE.dll2021-04-20 14:54:10.065 11241100x800000000000000064183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\EMABLT32.DLL2021-04-20 14:54:10.065 11241100x800000000000000064182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL2021-04-20 14:54:10.065 11241100x800000000000000064181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\TRANSMGR.DLL2021-04-20 14:54:10.065 11241100x800000000000000064180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Cpprest141_2_10.DLL2021-04-20 14:54:10.065 734700x800000000000000064179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\wbem\wbemsvc.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemsvc.dllMD5=2BE97028B7B85762561F475E31989C2A,SHA256=75C9D8C6D41B4B7D70666A8107A08A748CEF6CB9E60AD0288B10CDE12E274AFF,IMPHASH=200200BEAF933FA4627BF83C67BA473EtrueMicrosoft WindowsValid 11241100x800000000000000064178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\RM.DLL2021-04-20 14:54:10.065 11241100x800000000000000064177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AUDIOSEARCHLTS.DLL2021-04-20 14:54:10.065 11241100x800000000000000064176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AppSharingChromeHook64.dll2021-04-20 14:54:10.065 11241100x800000000000000064175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AutoHelper.dll2021-04-20 14:54:10.065 11241100x800000000000000064174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll2021-04-20 14:54:10.065 11241100x800000000000000064173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\BIPLAT.DLL2021-04-20 14:54:10.065 11241100x800000000000000064172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AppSharingHookController64.exe2021-04-20 14:54:10.065 11241100x800000000000000064171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSAEXP30.DLL2021-04-20 14:54:10.065 11241100x800000000000000064170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AUDIOSEARCHMAIN.DLL2021-04-20 14:54:10.065 11241100x800000000000000064169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\AUDIOSEARCHSAPIFE.DLL2021-04-20 14:54:10.065 11241100x800000000000000064168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Httpproxy.DLL2021-04-20 14:54:10.065 11241100x800000000000000064167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\INKCOMMENT.DLL2021-04-20 14:54:10.065 734700x800000000000000064166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\wbemcomn.dll10.0.14393.4283 (rs1_release.210303-1802)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemcomn.dllMD5=EF7A4C64E4A6F52AEAF20828033ADFF8,SHA256=7108BBAE5B91ED6784BD32547F7BD9DEAD392E47ACAB29DC057AEF7CFB746F3C,IMPHASH=3775C2F7CD09C385EEDA8CBB7894E3E3trueMicrosoft WindowsValid 11241100x800000000000000064165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MAPISHELL.DLL2021-04-20 14:54:10.003 734700x800000000000000064164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exeC:\Windows\System32\wbem\wbemprox.dll10.0.14393.4169 (rs1_release.210107-1130)WMIMicrosoft® Windows® Operating SystemMicrosoft Corporationwbemprox.dllMD5=B7B56FAC395BEEDC20120FD0170A23A3,SHA256=7BDF579D7348D84F251A8411E40E14ADF9406F954914C1C4DE30E880DCF6CEB3,IMPHASH=96416B54C1F2E15EF294753DF1CB4131trueMicrosoft WindowsValid 354300x800000000000000064163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:08.209{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-23845-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:08.068{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com62757-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000064161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OFFRHD.DLL2021-04-20 14:54:10.003 11241100x800000000000000064160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MINSBROAMINGPROXY.DLL2021-04-20 14:54:10.003 11241100x800000000000000064159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:10.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MINSBPROXY.DLL2021-04-20 14:54:10.003 23542300x800000000000000049469Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:10.416{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF1211E64881074EC8A4CFCE142EF850,SHA256=49B6C0AF095BFD54C7A9EB4EBE83F0105221BB0575FF2DAA2271C6FBE154C52B,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049468Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:07.718{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54616-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IEContentService.exe2021-04-20 14:54:11.925 11241100x800000000000000064338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msoev.exe2021-04-20 14:54:11.925 11241100x800000000000000064337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msotd.exe2021-04-20 14:54:11.925 11241100x800000000000000064336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCANPST.EXE2021-04-20 14:54:11.925 11241100x800000000000000064335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCNPST32.DLL2021-04-20 14:54:11.925 11241100x800000000000000064334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCNPST64.DLL2021-04-20 14:54:11.925 11241100x800000000000000064333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.925{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SCNPST64C.DLL2021-04-20 14:54:11.925 11241100x800000000000000064332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ORGCHART.EXE2021-04-20 14:54:11.909 11241100x800000000000000064331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\misc.exe2021-04-20 14:54:11.909 11241100x800000000000000064330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lynchtmlconv.exe2021-04-20 14:54:11.800 11241100x800000000000000064329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UcMapi.exe2021-04-20 14:54:11.800 11241100x800000000000000064328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSYNC.EXE2021-04-20 14:54:11.800 11241100x800000000000000064327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:11.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSQRY32.EXE2021-04-20 14:54:11.784 11241100x800000000000000064326Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.Library45.dll2021-04-20 14:54:11.284 11241100x800000000000000064325Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Storage.XmlSerializers.dll2021-04-20 14:54:11.284 11241100x800000000000000064324Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ProviderShared.dll2021-04-20 14:54:11.096 11241100x800000000000000064323Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Shims.dll2021-04-20 14:54:11.096 11241100x800000000000000064322Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbProvider.dll2021-04-20 14:54:11.096 11241100x800000000000000064321Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll2021-04-20 14:54:11.096 11241100x800000000000000064320Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll2021-04-20 14:54:11.096 11241100x800000000000000064319Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.EventSource.dll2021-04-20 14:54:11.096 11241100x800000000000000064318Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll2021-04-20 14:54:11.096 11241100x800000000000000064317Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll2021-04-20 14:54:11.096 11241100x800000000000000064316Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll2021-04-20 14:54:11.096 11241100x800000000000000064315Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll2021-04-20 14:54:11.096 11241100x800000000000000064314Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll2021-04-20 14:54:11.096 11241100x800000000000000064313Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Exchange.WebServices.dll2021-04-20 14:54:11.096 11241100x800000000000000064312Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll2021-04-20 14:54:11.096 11241100x800000000000000064311Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll2021-04-20 14:54:11.096 11241100x800000000000000064310Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:11.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll2021-04-20 14:54:10.893 354300x800000000000000064309Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:09.641{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-25210-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049473Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:11.807{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E44C8623BEE3BED86E720446A91EAED0,SHA256=10DF91E5418E47FEB60F3AF833374BF089A6061A64E2DB92AE99D4E8C3D8A11E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049472Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:11.432{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97DC027654139928A1C08D4F9717A90B,SHA256=77CADFB5510DDAEA1942A6EEF10B7F39A2AAEC39B52969AE5B2B8795BA723419,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049471Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:09.242{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56106-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049470Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:08.969{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50101-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\wxpr.dll2021-04-20 14:54:12.971 23542300x800000000000000064355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.971{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D6DCDEAE49AA8F8F747DCF317A64259B,SHA256=B32A0271AC463AFE7AC94E0256E055F2093D4257AC9FAECED4E6D57AA6163AA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.956{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=086707BC48ACDE26A5D3C238186CB247,SHA256=2B440F6408EF3BF13F994734C94EBAC949888A6506A4BF60A05C888DCC388647,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.956{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=580EDB66B531139790D16A016CBEADB4,SHA256=52FFCB885E4DD225C99F8B28A293A3141C419000D1668C54F3D69D3B591D9569,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WacLangPack2019Eula.txt2021-04-20 14:54:12.956 11241100x800000000000000064351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\UccApiRes.dll2021-04-20 14:54:12.956 11241100x800000000000000064350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookNaiveBayesCommandRanker.txt2021-04-20 14:54:12.940 11241100x800000000000000064349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.768{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookTaskNaiveBayesCommandRanker.txt2021-04-20 14:54:12.768 11241100x800000000000000064348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msvcr120.dll2021-04-20 14:54:12.581 11241100x800000000000000064347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocimport.dll2021-04-20 14:54:12.581 11241100x800000000000000064346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmpal.dll2021-04-20 14:54:12.581 11241100x800000000000000064345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmmediamanager.dll2021-04-20 14:54:12.581 11241100x800000000000000064344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ocrec.dll2021-04-20 14:54:12.581 11241100x800000000000000064343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\roottools.dll2021-04-20 14:54:12.581 11241100x800000000000000064342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Psom.dll2021-04-20 14:54:12.581 11241100x800000000000000064341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:12.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PropertyModel.dll2021-04-20 14:54:12.565 354300x800000000000000064340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:10.186{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57483-false10.0.1.12-8000- 23542300x800000000000000049474Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:12.494{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A63613CE8FEF18087995EB3B26A5129,SHA256=BD2F40D4BC7F8AD0AEE885452C437B771F6886233118F497FAEC9027433DB040,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:13.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe2021-04-20 14:54:13.971 11241100x800000000000000064427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Microsoft.AnalysisServices.AzureClient.dll2021-04-20 14:54:13.971 11241100x800000000000000064426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UccApi.dll2021-04-20 14:54:13.862 11241100x800000000000000064425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msvcp120.dll2021-04-20 14:54:13.862 11241100x800000000000000064424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lyncModelProxy.dll2021-04-20 14:54:13.862 11241100x800000000000000064423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ACWIZRC.DLL2021-04-20 14:54:13.862 11241100x800000000000000064422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\AccessRuntime_eula.txt2021-04-20 14:54:13.846 11241100x800000000000000064421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.846{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\BHOINTL.DLL2021-04-20 14:54:13.846 11241100x800000000000000064420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.846{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msmgdsrv.dll2021-04-20 14:54:13.846 11241100x800000000000000064419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.846{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientVolumeLicense_eula.txt2021-04-20 14:54:13.846 11241100x800000000000000064418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.846{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EXPTOOWS.DLL2021-04-20 14:54:13.846 11241100x800000000000000064417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.846{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ExcelNaiveBayesCommandRanker.txt2021-04-20 14:54:13.846 11241100x800000000000000064416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:13.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\SQLDumper.exe2021-04-20 14:54:13.800 11241100x800000000000000064415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Microsoft.AnalysisServices.AzureClient.dll2021-04-20 14:54:13.800 11241100x800000000000000064414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LyncVDI_Eula.txt2021-04-20 14:54:13.800 11241100x800000000000000064413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.800{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\LyncBasic_Eula.txt2021-04-20 14:54:13.800 11241100x800000000000000064412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\xlsrvintl.dll2021-04-20 14:54:13.737 11241100x800000000000000064411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MAPISHELLR.DLL2021-04-20 14:54:13.753 11241100x800000000000000064410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MOR6INT.DLL2021-04-20 14:54:13.753 11241100x800000000000000064409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OcHelperResource.dll2021-04-20 14:54:13.753 11241100x800000000000000064408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.753{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\PSS10R.CHM2021-04-20 14:54:13.753 11241100x800000000000000064407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\SETUP.CHM2021-04-20 14:54:13.737 11241100x800000000000000064406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\PSS10O.CHM2021-04-20 14:54:13.737 11241100x800000000000000064405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\PortalConnectCore.dll2021-04-20 14:54:13.737 11241100x800000000000000064404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\vcruntime140.dll2021-04-20 14:54:13.737 11241100x800000000000000064403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OMICAUTINTL.DLL2021-04-20 14:54:13.737 11241100x800000000000000064402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.737{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\mfc140u.dll2021-04-20 14:54:13.706 11241100x800000000000000064401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.706{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OcPubRes.dll2021-04-20 14:54:13.706 11241100x800000000000000064400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.706{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msvcp140.dll2021-04-20 14:54:13.706 11241100x800000000000000064399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\vccorlib140.dll2021-04-20 14:54:13.690 11241100x800000000000000064398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OCLTINT.DLL2021-04-20 14:54:13.659 11241100x800000000000000064397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\VVIEWRES.DLL2021-04-20 14:54:13.643 11241100x800000000000000064396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\VBAOWS10.CHM2021-04-20 14:54:13.643 11241100x800000000000000064395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\1033\NATIVESHIM.RESOURCES.DLL2021-04-20 14:54:13.643 11241100x800000000000000064394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\OcHelperResource.dll2021-04-20 14:54:13.643 11241100x800000000000000064393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\MAPISHELLR.DLL2021-04-20 14:54:13.643 11241100x800000000000000064392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\BHOINTL.DLL2021-04-20 14:54:13.643 11241100x800000000000000064391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\msoshext.dll2021-04-20 14:54:13.643 11241100x800000000000000064390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\concrt140.dll2021-04-20 14:54:13.643 11241100x800000000000000064389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBUI6.CHM2021-04-20 14:54:13.503 11241100x800000000000000064388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso30win32client.dll2021-04-20 14:54:13.487 11241100x800000000000000064387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBOB6.CHM2021-04-20 14:54:13.487 11241100x800000000000000064386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBLR6.CHM2021-04-20 14:54:13.487 11241100x800000000000000064385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Mso40UIwin32client.dll2021-04-20 14:54:13.487 11241100x800000000000000064384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\FM20ENU.DLL2021-04-20 14:54:13.487 11241100x800000000000000064383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.393{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\1033\EEINTL.DLL2021-04-20 14:54:13.393 11241100x800000000000000064382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEODBCI.DLL2021-04-20 14:54:13.378 11241100x800000000000000064381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\OSFINTL.DLL2021-04-20 14:54:13.378 11241100x800000000000000064380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\VBEUIINTL.DLL2021-04-20 14:54:13.378 11241100x800000000000000064379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ADO210.CHM2021-04-20 14:54:13.378 11241100x800000000000000064378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\1033\STINTL.DLL2021-04-20 14:54:13.378 11241100x800000000000000064377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\FM20.CHM2021-04-20 14:54:13.362 11241100x800000000000000064376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBCN6.CHM2021-04-20 14:54:13.346 11241100x800000000000000064375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBENDF98.CHM2021-04-20 14:54:13.346 11241100x800000000000000064374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBHW6.CHM2021-04-20 14:54:13.346 11241100x800000000000000064373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Templates\1033\GettingStarted16\SLINTL.DLL2021-04-20 14:54:13.346 23542300x800000000000000064372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.221{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29C3E59B4DFB598D9CA5B046AC42623D,SHA256=74864CE0AE65056587ACB8B0CF54732883ACF6C2534C6D9EB8D0F96711DA4641,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ORGCINTL.DLL2021-04-20 14:54:13.206 11241100x800000000000000064370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OMSINTL.DLL2021-04-20 14:54:13.206 23542300x800000000000000064369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.206{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9943A560BB0DD853C38DA29C3C7BA51A,SHA256=A87CA634285969F4AD5097BC3EEED13096F6EE420C943C9991E636C76BCAF91B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SAMPLES\SOLVSAMP.XLS2021-04-20 14:54:13.190 354300x800000000000000064367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:11.900{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53139-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000064366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.143{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8ES.DLL2021-04-20 14:54:13.143 11241100x800000000000000064365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.112{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8EN.DLL2021-04-20 14:54:13.112 11241100x800000000000000064364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\QRYINT32.DLL2021-04-20 14:54:13.081 11241100x800000000000000064363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt2021-04-20 14:54:13.050 11241100x800000000000000064362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\STSLISTI.DLL2021-04-20 14:54:13.050 11241100x800000000000000064361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\STSLIST.CHM2021-04-20 14:54:13.050 11241100x800000000000000064360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.050{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\VVIEWRES.DLL2021-04-20 14:54:13.050 11241100x800000000000000064359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WacLangPackEula.txt2021-04-20 14:54:13.018 11241100x800000000000000064358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:13.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\TRANSMRR.DLL2021-04-20 14:54:13.003 11241100x800000000000000064357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:13.003{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLMACRO.CHM2021-04-20 14:54:13.003 23542300x800000000000000049477Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:13.588{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B8EA094625F175E0E97401C64405A253,SHA256=401A9ECB40966EABF7E0A8D387D2B05BFA9929E6581BD8883B6422D548D1AE9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049476Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:13.510{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9455F5EDAE9813CA720409A8C7FB1FD5,SHA256=3358F87056259B0210260B9CEC10C17C76B5A79478CC77B503AE05C755949445,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049475Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:10.871{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57594-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\concrt140.dll2021-04-20 14:54:14.909 11241100x800000000000000064488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PowerPointNaiveBayesCommandRanker.txt2021-04-20 14:54:14.534 11241100x800000000000000064487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLV.PPT2021-04-20 14:54:14.534 11241100x800000000000000064486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft.NET\ADOMD.NET\130\Microsoft.AnalysisServices.AdomdClient.dll2021-04-20 14:54:14.534 11241100x800000000000000064485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\msasxpress.dll2021-04-20 14:54:14.534 11241100x800000000000000064484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vccorlib140.dll2021-04-20 14:54:14.534 11241100x800000000000000064483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLV.XLS2021-04-20 14:54:14.534 11241100x800000000000000064482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLN.XLS2021-04-20 14:54:14.534 11241100x800000000000000064481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTTPLN.PPT2021-04-20 14:54:14.534 11241100x800000000000000064480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PROTOCOLHANDLERINTL.DLL2021-04-20 14:54:14.534 11241100x800000000000000064479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\concrt140.dll2021-04-20 14:54:14.534 11241100x800000000000000064478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll2021-04-20 14:54:14.534 11241100x800000000000000064477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL2021-04-20 14:54:14.471 11241100x800000000000000064476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\STSUPLD.DLL2021-04-20 14:54:14.471 11241100x800000000000000064475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\PPSLAX.DLL2021-04-20 14:54:14.471 11241100x800000000000000064474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\STSCOPY.DLL2021-04-20 14:54:14.471 11241100x800000000000000064473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OSFROAMINGPROXY.DLL2021-04-20 14:54:14.471 11241100x800000000000000064472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OSFPROXY.DLL2021-04-20 14:54:14.471 11241100x800000000000000064471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OWSCLT.DLL2021-04-20 14:54:14.471 11241100x800000000000000064470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:14.425 11241100x800000000000000064469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\msvcp140.dll2021-04-20 14:54:14.425 11241100x800000000000000064468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:14.425 11241100x800000000000000064467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.425{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:14.393 11241100x800000000000000064466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.393{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:14.393 11241100x800000000000000064465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:14.378 11241100x800000000000000064464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:14.378 11241100x800000000000000064463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NAME.DLL2021-04-20 14:54:14.378 11241100x800000000000000064462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.FileUtils.dll2021-04-20 14:54:14.378 11241100x800000000000000064461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.SqlDatabase.dll2021-04-20 14:54:14.378 11241100x800000000000000064460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.PasswordManager.dll2021-04-20 14:54:14.378 11241100x800000000000000064459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DcfMsoWrapper.dll2021-04-20 14:54:14.378 11241100x800000000000000064458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.MsoInterop.dll2021-04-20 14:54:14.378 11241100x800000000000000064457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:14.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe2021-04-20 14:54:14.362 23542300x800000000000000064456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.378{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7128CB0A0DA1019F8FF9460C586767F,SHA256=0B421D98B8042EE232F9F5FD68FA58AE9C155E68166A23E8FC9750F28E014F3D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:14.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE2021-04-20 14:54:14.362 11241100x800000000000000064454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ExcelServices.dll2021-04-20 14:54:14.362 11241100x800000000000000064453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DatabaseCore.dll2021-04-20 14:54:14.362 11241100x800000000000000064452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DatabaseServices.dll2021-04-20 14:54:14.362 11241100x800000000000000064451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Office.Interop.Access.dll2021-04-20 14:54:14.346 11241100x800000000000000064450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHEV.DLL2021-04-20 14:54:14.346 11241100x800000000000000064449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MINSBROAMINGPROXY.DLL2021-04-20 14:54:14.346 11241100x800000000000000064448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MINSBPROXY.DLL2021-04-20 14:54:14.346 11241100x800000000000000064447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Office.Interop.Access.dao.dll2021-04-20 14:54:14.346 11241100x800000000000000064446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Office.Interop.Excel.dll2021-04-20 14:54:14.346 11241100x800000000000000064445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.ExcelServices.dll2021-04-20 14:54:14.346 11241100x800000000000000064444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.346{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt2021-04-20 14:54:14.346 11241100x800000000000000064443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\office.dll2021-04-20 14:54:14.331 11241100x800000000000000064442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Inquire.dll2021-04-20 14:54:14.331 11241100x800000000000000064441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DcfMsoWrapper.x86.dll2021-04-20 14:54:14.331 11241100x800000000000000064440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WordNaiveBayesCommandRanker.txt2021-04-20 14:54:14.331 11241100x800000000000000064439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.ExcelAddIn.dll2021-04-20 14:54:14.331 11241100x800000000000000064438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SpreadsheetIQ.Diagram.dll2021-04-20 14:54:14.331 11241100x800000000000000064437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE2021-04-20 14:54:14.331 11241100x800000000000000064436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Vbe.Interop.dll2021-04-20 14:54:14.331 23542300x800000000000000064435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.206{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4D2C963354591433F4A0B699D74BCA47,SHA256=5847948325095442D8C6DB963C1ABB08BF19A5C41EFF6FC8B88E57865C54FE02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049479Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:14.510{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5046DBAC8B9B89B95B5C3C053D5F3F2,SHA256=28C2679CF4ABDCE6A3D6555EAB2654A85C7D7811CCE2DC87E078F8F631083095,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.561{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-27941-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:12.338{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com52235-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000064432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft.NET\ADOMD.NET\130\Microsoft.AnalysisServices.AdomdClient.dll2021-04-20 14:54:14.065 11241100x800000000000000064431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\msasxpress.dll2021-04-20 14:54:14.065 11241100x800000000000000064430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msolui.dll2021-04-20 14:54:14.065 11241100x800000000000000064429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:14.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\msth8FR.DLL2021-04-20 14:54:14.065 354300x800000000000000049478Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:11.712{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52482-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 11241100x800000000000000064564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:15.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOHTMED.EXE2021-04-20 14:54:15.784 11241100x800000000000000064563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.784{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ODBC32.DLL2021-04-20 14:54:15.768 11241100x800000000000000064562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:15.768{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OcPubMgr.exe2021-04-20 14:54:15.768 23542300x800000000000000064561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.518{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FD44071B2C8C0E40420089F11A5A734,SHA256=6B6675DB783DFABCB3DC6127585AF5BA017F41269E2DE116CAE8612BAB72F363,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ADAL.DLL2021-04-20 14:54:15.487 11241100x800000000000000064559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection.exe2021-04-20 14:54:15.409 11241100x800000000000000064558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.DBConnection64.exe2021-04-20 14:54:15.409 11241100x800000000000000064557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:15.409 11241100x800000000000000064556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmgdsrv.dll2021-04-20 14:54:15.409 11241100x800000000000000064555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:15.409 11241100x800000000000000064554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:15.409 11241100x800000000000000064553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:15.409 11241100x800000000000000064552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingChromeHook.dll2021-04-20 14:54:15.409 11241100x800000000000000064551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ClientConfiguration.dll2021-04-20 14:54:15.409 11241100x800000000000000064550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.AuditItems.dll2021-04-20 14:54:15.409 11241100x800000000000000064549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AutoHelper.dll2021-04-20 14:54:15.409 11241100x800000000000000064548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\vcruntime140.dll2021-04-20 14:54:15.409 11241100x800000000000000064547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppSharingHookController.exe2021-04-20 14:54:15.409 11241100x800000000000000064546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL2021-04-20 14:54:15.409 11241100x800000000000000064545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:15.409 11241100x800000000000000064544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL2021-04-20 14:54:15.331 11241100x800000000000000064543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONLNTCOMLIB.DLL2021-04-20 14:54:15.284 11241100x800000000000000064542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll2021-04-20 14:54:15.284 11241100x800000000000000064541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll2021-04-20 14:54:15.284 11241100x800000000000000064540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll2021-04-20 14:54:15.284 11241100x800000000000000064539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL2021-04-20 14:54:15.284 11241100x800000000000000064538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\NAMECONTROLPROXY.DLL2021-04-20 14:54:15.268 11241100x800000000000000064537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\mfc140u.dll2021-04-20 14:54:15.268 11241100x800000000000000064536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMeetingReqSendNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMeetingReqReadNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMailReadNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookMailNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookApptNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OutlookAddrNaiveBayesCommandRanker.txt2021-04-20 14:54:15.268 11241100x800000000000000064530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSQRY32.CHM2021-04-20 14:54:15.268 11241100x800000000000000064529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\msvcp140.dll2021-04-20 14:54:15.268 11241100x800000000000000064528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\vccorlib140.dll2021-04-20 14:54:15.268 11241100x800000000000000064527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfcm140u.dll2021-04-20 14:54:15.268 11241100x800000000000000064526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\msvcp140_1.dll2021-04-20 14:54:15.253 11241100x800000000000000064525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\mfc140u.dll2021-04-20 14:54:15.253 11241100x800000000000000064524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\SystemX86\vcruntime140.dll2021-04-20 14:54:15.253 11241100x800000000000000064523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\msotelemetryintl.dll2021-04-20 14:54:15.253 11241100x800000000000000064522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\concrt140.dll2021-04-20 14:54:15.253 11241100x800000000000000064521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.253{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\IFDPINTL.DLL2021-04-20 14:54:15.253 11241100x800000000000000064520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp140.dll2021-04-20 14:54:15.221 11241100x800000000000000064519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfcm140u.dll2021-04-20 14:54:15.221 11241100x800000000000000064518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcp140_1.dll2021-04-20 14:54:15.221 11241100x800000000000000064517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\mfc140u.dll2021-04-20 14:54:15.221 11241100x800000000000000064516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRLEX.DLL2021-04-20 14:54:15.221 11241100x800000000000000064515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ENVELOPR.DLL2021-04-20 14:54:15.206 11241100x800000000000000064514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\EntityPickerIntl.dll2021-04-20 14:54:15.206 11241100x800000000000000064513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientVolumeLicense2019_eula.txt2021-04-20 14:54:15.206 11241100x800000000000000064512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\BCSRuntimeRes.dll2021-04-20 14:54:15.206 11241100x800000000000000064511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vccorlib140.dll2021-04-20 14:54:15.206 11241100x800000000000000064510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientSub_M365_eula.txt2021-04-20 14:54:15.206 11241100x800000000000000064509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.206{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientSub_eula.txt2021-04-20 14:54:15.206 11241100x800000000000000064508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OLMAPI32.DLL2021-04-20 14:54:15.190 11241100x800000000000000064507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\ColleagueImport.dll2021-04-20 14:54:15.190 11241100x800000000000000064506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\UmOutlookAddin.dll2021-04-20 14:54:15.190 11241100x800000000000000064505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.190{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PPRESOURCES.DLL2021-04-20 14:54:15.190 11241100x800000000000000064504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IGX.DLL2021-04-20 14:54:15.175 11241100x800000000000000064503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientSub2019_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\AccessRuntime2019_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientOSub_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientOSub2019_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientLangPack_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientLangPack2019_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientPreview_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientARMRefer_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ClientARMRefer2019_eula.txt2021-04-20 14:54:15.175 11241100x800000000000000064494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.175{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\client_eula.txt2021-04-20 14:54:15.018 11241100x800000000000000064493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\Client2019_eula.txt2021-04-20 14:54:15.018 11241100x800000000000000064492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vcruntime140.dll2021-04-20 14:54:15.018 11241100x800000000000000064491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\CERTINTL.DLL2021-04-20 14:54:15.018 11241100x800000000000000064490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:15.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\vcruntime140_1.dll2021-04-20 14:54:15.018 23542300x800000000000000049480Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:15.557{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5E27EB36985C0F2FE0B6BAF325FEB09,SHA256=0432F0AFEBB56A4632E9289471AB832E9ACDE4C4CC65352FE22CAF6DDA6E3115,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll2021-04-20 14:54:16.971 11241100x800000000000000064626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.ExcelAddin.Resources.dll2021-04-20 14:54:16.971 11241100x800000000000000064625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\STSUPLD.INTL.DLL2021-04-20 14:54:16.971 11241100x800000000000000064624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.Diagram.Resources.dll2021-04-20 14:54:16.971 11241100x800000000000000064623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.PasswordManager.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.FileUtils.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.ExcelServices.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.ClientConfiguration.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.AuditItems.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.956{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\SpreadsheetIQ.ExcelServices.Resources.dll2021-04-20 14:54:16.956 11241100x800000000000000064617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\System\MSMAPI\1033\MSMAPI32.DLL2021-04-20 14:54:16.924 11241100x800000000000000064616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\mfc140u.dll2021-04-20 14:54:16.924 11241100x800000000000000064615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\msointl30.dll2021-04-20 14:54:16.924 11241100x800000000000000064614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\JitV.dll2021-04-20 14:54:16.924 11241100x800000000000000064613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Integration\Integrator.exe2021-04-20 14:54:16.924 11241100x800000000000000064612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Interceptor.dll2021-04-20 14:54:16.924 11241100x800000000000000064611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vcruntime140_1.dll2021-04-20 14:54:16.924 11241100x800000000000000064610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcr120.dll2021-04-20 14:54:16.924 11241100x800000000000000064609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vccorlib140.dll2021-04-20 14:54:16.924 11241100x800000000000000064608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\ucrtbase.dll2021-04-20 14:54:16.924 11241100x800000000000000064607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vcruntime140.dll2021-04-20 14:54:16.909 11241100x800000000000000064606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcp140.dll2021-04-20 14:54:16.909 11241100x800000000000000064605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcp120.dll2021-04-20 14:54:16.909 11241100x800000000000000064604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:16.909 11241100x800000000000000064603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSACCESS.EXE2021-04-20 14:54:16.909 11241100x800000000000000064602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IVY.DLL2021-04-20 14:54:16.909 11241100x800000000000000064601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\ESEN\MSB1ESEN.DLL2021-04-20 14:54:16.909 11241100x800000000000000064600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll2021-04-20 14:54:16.909 11241100x800000000000000064599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\ACCOLK.DLL2021-04-20 14:54:16.909 11241100x800000000000000064598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.909{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACCWIZ.DLL2021-04-20 14:54:16.909 11241100x800000000000000064597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CLVIEW.EXE2021-04-20 14:54:16.862 11241100x800000000000000064596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll2021-04-20 14:54:16.862 11241100x800000000000000064595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll2021-04-20 14:54:16.862 11241100x800000000000000064594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.Loader.exe2021-04-20 14:54:16.862 11241100x800000000000000064593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.862{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX40.exe2021-04-20 14:54:16.831 11241100x800000000000000064592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\MSSOAPR3.DLL2021-04-20 14:54:16.831 11241100x800000000000000064591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\GRAPH.EXE2021-04-20 14:54:16.831 11241100x800000000000000064590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FSTOCK.DLL2021-04-20 14:54:16.831 11241100x800000000000000064589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\FPLACE.DLL2021-04-20 14:54:16.831 11241100x800000000000000064588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Office Setup Controller\Office.en-us\BRANDING.DLL2021-04-20 14:54:16.831 11241100x800000000000000064587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lync.exe2021-04-20 14:54:16.831 11241100x800000000000000064586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NAMECONTROLSERVER.EXE2021-04-20 14:54:16.831 11241100x800000000000000064585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:16.831 11241100x800000000000000064584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:16.831 11241100x800000000000000064583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:16.831 11241100x800000000000000064582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.831{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:16.456 10341000x800000000000000064581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:16.721{A7A01FEF-B626-607E-0D00-00000000BB01}10084160C:\Windows\system32\svchost.exe{A7A01FEF-B626-607E-1600-00000000BB01}1540C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x800000000000000064580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:16.456 11241100x800000000000000064579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:16.456 11241100x800000000000000064578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\msvcp120.dll2021-04-20 14:54:16.378 11241100x800000000000000064577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:16.378 11241100x800000000000000064576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:16.378 11241100x800000000000000064575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXEV.DLL2021-04-20 14:54:16.378 11241100x800000000000000064574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\vcruntime140.dll2021-04-20 14:54:16.378 11241100x800000000000000064573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.378{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\vccorlib140.dll2021-04-20 14:54:16.221 23542300x800000000000000064572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:16.284{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E9924344D87AAA063D55ACF241653DF,SHA256=14BC506DF558F27256EF7877E017CBE14F17E9D62C77330CCC9D1D8114B3310A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.217{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-26575-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:14.117{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-29305-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000064569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\ucrtbase.dll2021-04-20 14:54:16.221 11241100x800000000000000064568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\offfiltx.dll2021-04-20 14:54:16.221 11241100x800000000000000064567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msvcp120.dll2021-04-20 14:54:16.221 11241100x800000000000000064566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:16.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msgfilt.dll2021-04-20 14:54:16.221 23542300x800000000000000064565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:16.096{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B7058EDFB62B65BFC77A1B8599D76B3,SHA256=E28D8DE8BF6391D25E400444DB81E40EF2A2D155CF6D192002B6455D939E735F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049481Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:16.619{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEA567DFD0A2DF58C0E1F6C9843BA217,SHA256=180E88EE82C52293F0423A218252ED117803264BD932C8C588DFA310FC7643F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.909{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9EF0AFAEEBCE9636C2D144609CA9727C,SHA256=D18BEA3408D694021420122191F339DA609F5E49867AA3A446A26E0651D48CC9,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000064651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:54:17.846{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\BD98497A-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_BD98497A-0000-0000-0000-100000000000.XML 13241300x800000000000000064650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:54:17.846{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\B04DA29D-EACF-4308-B648-227B5727B21E\Config SourceDWORD (0x00000001) 13241300x800000000000000064649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:54:17.846{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\B04DA29D-EACF-4308-B648-227B5727B21E\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_B04DA29D-EACF-4308-B648-227B5727B21E.XML 11241100x800000000000000064648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\msotdintl.dll2021-04-20 14:54:17.674 11241100x800000000000000064647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CONVERT\1033\LOCALDV.DLL2021-04-20 14:54:17.503 11241100x800000000000000064646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.503{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Library\SOLVER\SOLVER32.DLL2021-04-20 14:54:17.503 11241100x800000000000000064645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSYUBIN7.DLL2021-04-20 14:54:17.487 11241100x800000000000000064644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso30win32client.dll2021-04-20 14:54:17.471 11241100x800000000000000064643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO40UIRES.DLL2021-04-20 14:54:17.471 23542300x800000000000000064642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.424{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=744F94CD14FFFF12F78D1242ECF63E82,SHA256=E6A5EB037D258BDE55266B43ED74F53FBAFB249EC1AB6B82AB7DDCF8E616B5C6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7FR.DLL2021-04-20 14:54:17.362 11241100x800000000000000064640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7ES.DLL2021-04-20 14:54:17.362 11241100x800000000000000064639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PROOF\MSHY7EN.DLL2021-04-20 14:54:17.362 11241100x800000000000000064638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.362{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso40UIwin32client.dll2021-04-20 14:54:17.362 354300x800000000000000064637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:15.664{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56304-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 11241100x800000000000000064636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO99LRES.DLL2021-04-20 14:54:17.268 11241100x800000000000000064635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOIDCLIL.DLL2021-04-20 14:54:17.159 11241100x800000000000000064634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOIDRES.DLL2021-04-20 14:54:17.159 11241100x800000000000000064633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.159{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSPST32.DLL2021-04-20 14:54:17.159 11241100x800000000000000064632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:17.143{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTE.EXE2021-04-20 14:54:17.143 11241100x800000000000000064631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:17.143{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONENOTEM.EXE2021-04-20 14:54:17.143 11241100x800000000000000064630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\appsharingmediaprovider.dll2021-04-20 14:54:17.128 11241100x800000000000000064629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\DBGHELP.DLL2021-04-20 14:54:17.128 11241100x800000000000000064628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:17.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Portal\1033\PortalConnect.dll2021-04-20 14:54:17.018 23542300x800000000000000049483Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:17.651{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44B1187ED76314757115F64E3A83C51C,SHA256=7359E64C6BA4B69F0F86D644C9A73C5DAD96A164E11B79EA5D32903622C7E64E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049482Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:15.491{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59084-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:18.987 11241100x800000000000000064731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONRES.DLL2021-04-20 14:54:18.987 11241100x800000000000000064730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ONINTL.DLL2021-04-20 14:54:18.987 11241100x800000000000000064729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PUBTRAP.DLL2021-04-20 14:54:18.971 11241100x800000000000000064728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PTXT9.DLL2021-04-20 14:54:18.971 11241100x800000000000000064727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUBWZINT.DLL2021-04-20 14:54:18.971 11241100x800000000000000064726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.971{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\PUB6INTL.DLL2021-04-20 14:54:18.971 11241100x800000000000000064725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe2021-04-20 14:54:18.878 11241100x800000000000000064724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\WWINTL.DLL2021-04-20 14:54:18.878 11241100x800000000000000064723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CSS7DATA000C.DLL2021-04-20 14:54:18.878 11241100x800000000000000064722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7en.dll2021-04-20 14:54:18.878 11241100x800000000000000064721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7fr.dll2021-04-20 14:54:18.878 11241100x800000000000000064720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.878{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\mscss7es.dll2021-04-20 14:54:18.878 354300x800000000000000064719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.909{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57486-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000064718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.909{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57486-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000064717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.856{A7A01FEF-B626-607E-0D00-00000000BB01}1008C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57485-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local135epmap 354300x800000000000000064716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.856{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57485-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local135epmap 11241100x800000000000000064715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\IEAWSDC.DLL2021-04-20 14:54:18.643 11241100x800000000000000064714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.643{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOHEV.DLL2021-04-20 14:54:18.643 11241100x800000000000000064713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.628{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\visicon.exe2021-04-20 14:54:18.628 11241100x800000000000000064712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:18.518 11241100x800000000000000064711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\lyncDesktopResources.dll2021-04-20 14:54:18.518 11241100x800000000000000064710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ocapires.dll2021-04-20 14:54:18.518 11241100x800000000000000064709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.471{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcr110.dll2021-04-20 14:54:18.471 11241100x800000000000000064708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.456{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:18.456 11241100x800000000000000064707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACECORE.DLL2021-04-20 14:54:18.440 11241100x800000000000000064706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.440{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEDAO.DLL2021-04-20 14:54:18.440 11241100x800000000000000064705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEES.DLL2021-04-20 14:54:18.424 11241100x800000000000000064704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSAIN.DLL2021-04-20 14:54:18.424 11241100x800000000000000064703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEINTL.DLL2021-04-20 14:54:18.424 11241100x800000000000000064702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ACEWSTR.DLL2021-04-20 14:54:18.424 11241100x800000000000000064701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\vcruntime140.dll2021-04-20 14:54:18.424 11241100x800000000000000064700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\vccorlib140.dll2021-04-20 14:54:18.424 11241100x800000000000000064699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\msvcp140.dll2021-04-20 14:54:18.424 11241100x800000000000000064698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\UCRTBASE.DLL2021-04-20 14:54:18.424 11241100x800000000000000064697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\concrt140.dll2021-04-20 14:54:18.424 11241100x800000000000000064691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ACEDAO.DLL2021-04-20 14:54:18.424 11241100x800000000000000064686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:18.424 11241100x800000000000000064685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PerfBoost.exe2021-04-20 14:54:18.409 11241100x800000000000000064684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.424{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:18.409 11241100x800000000000000064678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.409{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:18.409 354300x800000000000000064677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.086{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-32035-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:16.199{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57484-false10.0.1.12-8000- 11241100x800000000000000064675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.331{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe2021-04-20 14:54:18.331 11241100x800000000000000064674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe2021-04-20 14:54:18.315 11241100x800000000000000064673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.315{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe2021-04-20 14:54:18.315 23542300x800000000000000064672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:18.299{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=983BA062BE09B49F1E92882AF0809A8E,SHA256=A94A6D64B58B34DDC76598F9BA8CD7210546CBF145F77ADBDE7881A50CC5A107,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmadminicon.exe2021-04-20 14:54:18.299 11241100x800000000000000064670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\osmclienticon.exe2021-04-20 14:54:18.299 11241100x800000000000000064669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\outicon.exe2021-04-20 14:54:18.299 11241100x800000000000000064668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\CHART.DLL2021-04-20 14:54:18.299 11241100x800000000000000064667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\vcruntime140_1.dll2021-04-20 14:54:18.221 11241100x800000000000000064666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\WINWORD.EXE2021-04-20 14:54:18.221 11241100x800000000000000064665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.143{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLLEX.DLL2021-04-20 14:54:18.143 11241100x800000000000000064664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.128{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\XLSLICER.DLL2021-04-20 14:54:18.128 11241100x800000000000000064663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.096{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ospintl.dll2021-04-20 14:54:18.096 11241100x800000000000000064662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.081{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso20win32client.dll2021-04-20 14:54:18.081 11241100x800000000000000064661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Wordconv.exe2021-04-20 14:54:18.065 11241100x800000000000000064660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SELFCERT.EXE2021-04-20 14:54:18.065 11241100x800000000000000064659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.065{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\CLVWINTL.DLL2021-04-20 14:54:18.065 23542300x800000000000000049488Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:18.807{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=263CD24289C976F91A8304E031720729,SHA256=1AE552532F3EE2FB0DA32E73E153C825F15F526BC5D6E3816686A42E612032DA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.049{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\GRINTL32.DLL2021-04-20 14:54:18.049 11241100x800000000000000064657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.034{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe2021-04-20 14:54:18.034 11241100x800000000000000064656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\MSSRINTL.DLL2021-04-20 14:54:18.018 11241100x800000000000000064655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\SETLANG.EXE2021-04-20 14:54:18.018 11241100x800000000000000064654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOUC.EXE2021-04-20 14:54:18.018 11241100x800000000000000064653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\ACCOLKI.DLL2021-04-20 14:54:18.018 23542300x800000000000000049487Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:18.510{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4AE82070D98659EA5D96C3D634899F23,SHA256=66317DB765748EFB7E65198B195E883DED069DDE1AA31E44B872F868DCC0BE79,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049486Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:16.759{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52483-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049485Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:16.662{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com58865-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049484Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:15.700{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-62061-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:19.752 11241100x800000000000000064768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\odffilt.dll2021-04-20 14:54:19.752 11241100x800000000000000064767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msvcr120.dll2021-04-20 14:54:19.752 11241100x800000000000000064766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ONBttnOL.dll2021-04-20 14:54:19.674 11241100x800000000000000064765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\msvcp140.dll2021-04-20 14:54:19.659 11241100x800000000000000064764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:19.659 11241100x800000000000000064756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:19.659 11241100x800000000000000064754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.659{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:19.487 23542300x800000000000000064753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:19.549{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DA2C4663C90D481CDEFB29FDEA74093,SHA256=6A40928BBAF393A5AF67C44AD87F68C8FA0873138AF32159B8C2BAF785E06FD6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:19.487 11241100x800000000000000064745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\concrt140.dll2021-04-20 14:54:19.487 11241100x800000000000000064744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\mfc140u.dll2021-04-20 14:54:19.487 354300x800000000000000064743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.917{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57487-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 354300x800000000000000064742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:17.916{A7A01FEF-B636-607E-2E00-00000000BB01}2196C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local57487-truefe80:0:0:0:1082:b69b:30c5:c700win-dc-339.attackrange.local389ldap 11241100x800000000000000064741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.284{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\VBEUI.DLL2021-04-20 14:54:19.284 11241100x800000000000000064740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\System\msvcr100.dll2021-04-20 14:54:19.268 11241100x800000000000000064739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLLIBR.DLL2021-04-20 14:54:19.268 11241100x800000000000000064738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\OUTLWVW.DLL2021-04-20 14:54:19.268 11241100x800000000000000064737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:19.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\1033\SOCIALCONNECTORRES.DLL2021-04-20 14:54:19.268 23542300x800000000000000064736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:19.112{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1ED7CA08C64841CD80882E6ACC409479,SHA256=892963D14A186D2E84D9F60F1C84F27B8C7D17AE63FC202CCC224447CBEEED60,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\lyncicon.exe2021-04-20 14:54:18.987 11241100x800000000000000064734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\oregres.dll2021-04-20 14:54:18.987 11241100x800000000000000064733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:18.987{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:18.987 23542300x800000000000000049492Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:19.823{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C826FFFBCC68E92E8BC6403C0FC4C040,SHA256=4DB673AC2C595107073F832B44A5941B60DC3152F81BA143A49F8EE67D884929,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049491Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:19.541{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=45A5D022DB3E0B3874330A8D5CAC6A5F,SHA256=37247A7FAE865F3D07AC18B1E04844D87CA0C664F3EDAC552B987031DDA85B14,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049490Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:17.146{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60571-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049489Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:17.087{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60508-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 11241100x800000000000000064819Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064818Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064817Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064816Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064815Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064814Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:20.940 11241100x800000000000000064813Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.940{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064812Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-timezone-l1-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064811Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064810Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-xstate-l2-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064809Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064808Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-file-l2-1-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064807Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-synch-l1-2-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064806Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-processthreads-l1-1-1.dll2021-04-20 14:54:20.877 11241100x800000000000000064805Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OWSSUPP.DLL2021-04-20 14:54:20.877 11241100x800000000000000064804Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OSFPROXY.DLL2021-04-20 14:54:20.877 11241100x800000000000000064803Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\MSOSB.DLL2021-04-20 14:54:20.877 11241100x800000000000000064802Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-file-l1-2-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064801Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\NPSPWRAP.DLL2021-04-20 14:54:20.877 11241100x800000000000000064800Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-core-localization-l1-2-0.dll2021-04-20 14:54:20.877 11241100x800000000000000064799Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\1033\MSOINTL.DLL2021-04-20 14:54:20.815 11241100x800000000000000064798Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\STSUCRES.DLL2021-04-20 14:54:20.815 11241100x800000000000000064797Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OUTLCTL.DLL2021-04-20 14:54:20.581 11241100x800000000000000064796Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\C2R64.dll2021-04-20 14:54:20.581 11241100x800000000000000064795Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\PropertyModelProxy.dll2021-04-20 14:54:20.581 11241100x800000000000000064794Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-environment-l1-1-0.dll2021-04-20 14:54:20.581 11241100x800000000000000064793Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-heap-l1-1-0.dll2021-04-20 14:54:20.565 11241100x800000000000000064792Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppvIsvSubsystems64.dll2021-04-20 14:54:20.565 11241100x800000000000000064791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.581{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-convert-l1-1-0.dll2021-04-20 14:54:20.565 11241100x800000000000000064790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.565{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-conio-l1-1-0.dll2021-04-20 14:54:20.565 11241100x800000000000000064789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll2021-04-20 14:54:20.534 11241100x800000000000000064788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-math-l1-1-0.dll2021-04-20 14:54:20.534 11241100x800000000000000064787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-locale-l1-1-0.dll2021-04-20 14:54:20.534 11241100x800000000000000064786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll2021-04-20 14:54:20.534 11241100x800000000000000064785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:20.534 11241100x800000000000000064784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.534{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:20.518 11241100x800000000000000064783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:20.518 11241100x800000000000000064782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:20.518 11241100x800000000000000064781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:20.518 11241100x800000000000000064780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-time-l1-1-0.dll2021-04-20 14:54:20.518 11241100x800000000000000064779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.518{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:20.502 11241100x800000000000000064778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:20.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVDllSurrogate32.exe2021-04-20 14:54:20.502 11241100x800000000000000064777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:20.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVDllSurrogate64.exe2021-04-20 14:54:20.502 11241100x800000000000000064776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:20.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVLP.exe2021-04-20 14:54:20.502 11241100x800000000000000064775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\concrt140.dll2021-04-20 14:54:20.487 11241100x800000000000000064774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:20.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\mfc140u.dll2021-04-20 14:54:20.487 354300x800000000000000064773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:18.549{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-33400-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:18.300{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63359-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:20.409{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFD2AAC07A07279868865C0D25AF8FAD,SHA256=D3239EF0E132F359FFA7A77059DE9C6A44AD99F36CD59D385FBA2A1084ED2E00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:20.221{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=005B59C94DAABD72B09D44B0F21691A8,SHA256=7B23511AC716F78930D54F5C938CACCC50A0BADBC3E05F5B3BAEA99912CE9903,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049494Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:20.854{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CDFB93D06222A97EC41CD4CF848AF85,SHA256=C9ECFB337AC6A7741741FE9D834BFFF4A4DA750629620DB891A642F5A092E3A3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049493Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:17.356{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63541-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064840Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:21.831{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9216D735C5A0CDF66593B7B71C5A1751,SHA256=9161D66265F318E6B6BD479A696614AD717B2533BB9A906B3C0D4C3D6D28F4D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064839Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:21.831{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E18D5E8A3AEBB6DEA84A2046B7841CBE,SHA256=97F1267B0BCF9EDC06EFA147592EC964F8F84EF8C5C90BB7D3A3CE71BD15EBE1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064838Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\ssscreenvvs.dll2021-04-20 14:54:21.815 11241100x800000000000000064837Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmmvrsplitter.dll2021-04-20 14:54:21.815 11241100x800000000000000064836Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\rtmmvrcs.dll2021-04-20 14:54:21.815 11241100x800000000000000064835Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Rtmmvras.dll2021-04-20 14:54:21.815 11241100x800000000000000064834Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.815{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\lynchtmlconvpxy.dll2021-04-20 14:54:21.815 11241100x800000000000000064833Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.502{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\VBA\VBA7.1\1033\VBE7INTL.DLL2021-04-20 14:54:21.502 11241100x800000000000000064832Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\MSOINTL.DLL2021-04-20 14:54:21.487 11241100x800000000000000064831Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\msointl30.dll2021-04-20 14:54:21.487 11241100x800000000000000064830Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\OutlookServicing.DLL2021-04-20 14:54:21.487 11241100x800000000000000064829Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localEXE2021-04-20 14:54:21.487{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\POWERPNT.EXE2021-04-20 14:54:21.487 11241100x800000000000000064828Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEERR.DLL2021-04-20 14:54:21.018 11241100x800000000000000064827Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Office16\Win32MsgQueue.dll2021-04-20 14:54:21.018 11241100x800000000000000064826Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-private-l1-1-0.dll2021-04-20 14:54:21.018 11241100x800000000000000064825Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\concrt140.dll2021-04-20 14:54:21.018 11241100x800000000000000064824Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-utility-l1-1-0.dll2021-04-20 14:54:21.018 11241100x800000000000000064823Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-string-l1-1-0.dll2021-04-20 14:54:21.018 11241100x800000000000000064822Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-stdio-l1-1-0.dll2021-04-20 14:54:21.018 11241100x800000000000000064821Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-runtime-l1-1-0.dll2021-04-20 14:54:21.018 11241100x800000000000000064820Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:21.018{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\api-ms-win-crt-process-l1-1-0.dll2021-04-20 14:54:20.940 23542300x800000000000000049496Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:21.869{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA54C43B7FCAF72CAB80F6A0291072CF,SHA256=69E4E3B7F46B9B600D1BB33D426DAF382CBD5768F8430475B10E523ED4FBBEE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049495Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:21.541{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6D0B0899DBFDB97D17339218FB620AFA,SHA256=ADB66076A7D04A0E52A4FB6FF8D31AA46CB44C1589C32CC4B00E497B81C73E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064843Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:22.518{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB87CF75E6BDB5DBFBCB1629CE955C23,SHA256=1EA9C90F9A0F92785B84F9B969C0283B5D506143E444ABD2F97582B61B8D42B8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064842Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:21.261{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57488-false10.0.1.12-8000- 354300x800000000000000064841Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:20.897{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63028-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049498Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:22.885{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=337EDE49CE4B53E006922631781641C0,SHA256=90115AB2BFF6DB422C17B2C6B0C97D7C76C8D98F240B22FBED20B64EC3EBAD92,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049497Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:20.458{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50127-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064844Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:23.721{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8076FA79C8561E5835C07A80BA851AC,SHA256=3F9484801F6D8ED74D8CB22B6F989983668BA95795DD4484CEC7CB8E9382183A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049500Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:23.901{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44AFF331BC60BCF58A04B51F87B0504C,SHA256=91AB91CCF2A716B0E532AC255E3147420AAD08918580ED229D657B47A09B020E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049499Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:23.682{85C0FFC9-B85C-607E-9700-00000000BB01}3076NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064847Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.815{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5B19B7E2BBC35D9C7D890D6DF19F297A,SHA256=993257356386AE83730A94B89D9927693AFF8AB6056C72645049ED8D89C23398,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064846Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.737{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0D58BECCFC62E9A62EB828B814FA44B,SHA256=EF6BEC17081B37148069586DAE97177AAD44FB85A08AFB13428637FBF224AFC5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064845Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:23.143{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-34765-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049505Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:24.916{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=691A98A8D53E6396F676A9A74884A77C,SHA256=0AE5664910CFBC2228E63555C3EBE4386A866FBCE68BD25BF79AF9ACC84E9269,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049504Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:22.017{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51604-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049503Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:21.974{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-65025-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049502Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:21.806{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52484-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000049501Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:24.166{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=455AD454003F50327E34B932FF9A10EA,SHA256=ADABE78AFF2960C3CF38CDFC707AFF42A60F90B870EB68F3746D6107F73DBE1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064850Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:25.987{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C903AF1D12B90DFFDDE5DD51144ACC29,SHA256=970F700D5959D94397AB317961D995D7C425995FC56A92D0EEBED4036B3086BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064849Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:25.752{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FF78B2ECDC5C43F6E17D051B9C0D51D,SHA256=61811B376A0732E30BF2E31150107123B4F2C9DD2CD4BAF526B42D511F05A33A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064848Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:25.377{A7A01FEF-B626-607E-1000-00000000BB01}1168NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=5903BCE3337820BBA4B35BC26F1917BB,SHA256=94A837316DAE9DA1A36E7033A48121F503AF78B1CB763BC7A75379BC080DDAEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049509Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:25.968{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9719C4DC78870E4459B81806E7FB0DE,SHA256=FA3A0598F5ED30BE417043B53D5891E623B3B3D4952A0EEFA493D078F496E685,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049508Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:23.275{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52485-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x800000000000000049507Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:22.663{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com54968-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049506Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:25.229{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=483B193F3AB880863C9FF4724E157D7C,SHA256=431432F334FA43A6282721833D50F3D4032284B62A069C179FC1DC1C320A9B62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064855Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:26.768{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDD7270F500D1A15A5B856B52956B9E3,SHA256=25BF2692FF0C5D0C11048359117DFD85F429142C19E29FA234673EF3D6861159,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064854Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.956{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54018-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064853Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.674{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-36130-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064852Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.673{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-30670-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064851Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:24.533{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-38860-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049510Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:26.968{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=025CD1C3B16A3CD3DE6C4E601BDFBCA4,SHA256=A1D4977C5B5851E39DD9F42D4BAE275FF598DE3ABBEE36FFC060CBB108BA2600,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064856Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:27.799{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF3D1029FB612C37B5809D819243633B,SHA256=ED9DDC69BB5AF856085A233E004CAD9A6419B4B07466319E5BF1AC6568CEB78C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064860Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:28.815{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=346F00658F0FFD464816B64E04B0CEAF,SHA256=1AA54F588BE9E999DFA91B95C4AACFAE20FECDFD6FFF3F2A4F4C74D3907B2123,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064859Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:27.414{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-41590-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064858Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:27.276{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57489-false10.0.1.12-8000- 354300x800000000000000064857Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:26.865{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58447-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049514Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:26.826{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52486-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049513Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:26.821{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56046-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049512Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:26.613{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53090-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049511Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:27.999{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D485FDAAE61575522F203068F1D2D67,SHA256=CE4162ADBB6F5060FFFA34D03DD60B6844C2712D9CB3B530C423A2BFC87C0F65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064862Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:29.830{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=870A92897E19B7F1B266BE43BC264F1D,SHA256=B5A46D6DC963C37C6F52B96A85AE454DF2B971D6BF4499461DB9D66A88727FD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064861Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:29.127{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D040D08D992320488A8236039883DBB2,SHA256=074FDD8354D2AFE7A05A07266FE7A2E35EE34BB89CC5E8314998462AFD1CBE9F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049518Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:28.204{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54572-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049517Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:27.793{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56079-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049516Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:29.280{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D1B72A19AB462CC7BC3401AD5C76C3C8,SHA256=D5D7BF82D388EFC11996085BEEC72BFE4A357BD40113CA97836BC526E5C24EEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049515Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:29.015{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88E88BB003E8F963A609BE3C6F9C8E1D,SHA256=1336B32CFC0E768C89D31B24806C0792F3F1B8A29F841C6DDB4438ABA785B5E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064866Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:30.846{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52D55A31C4FF9A5CB0178C766164A46E,SHA256=B3E758465CD1800432F4C5D1EE61B3A8EFF584C2AF25A8D0C13A183830C11BC0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064865Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:29.001{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-42955-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064864Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:28.661{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com56896-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064863Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:30.362{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=25E6F2C60FA561B0CDF1968C04998867,SHA256=B6693321FAC030A04B4D9AF58FD84E5F9CC9E9F0586E430B9C7A41A438F0AF02,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049520Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:28.398{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57525-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049519Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:30.030{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F899F851C5DAC3F0EB8443140528C791,SHA256=6B613CFA9DBBB2B346641E35A2069FF391553A9EFB8437BDBB52BA15B0DFA365,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064867Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:31.877{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC3135979DA8AEE52367E26B09DC6DF8,SHA256=9E0F47C690614EDDE91D212C47FBF4FCE72EC7721299DB19FE5764A880194B2A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049523Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:30.008{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59013-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049522Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:31.608{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E02F62C202CE5D154392B17D800231B7,SHA256=92AFBC02229E83D49C820E9A7DB1AE7D52C1E52C6ED3853F308C5ABE8BD10C5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049521Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:31.046{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8897CC430AFE0603A65B933CE7437F0,SHA256=DDD588ECF0960A6FE787F303D38F7C0FDF5F0977F4C52B091277896EF5BF913C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064868Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:32.877{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E7E953BFA1E1613460818A6A867F9A0,SHA256=EF9186FC7D64D3011E1AED034EA5524BDA248A6A59372E39F7D1FF3362CD56EC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049526Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:31.251{85C0FFC9-B7EC-607E-0B00-00000000BB01}632C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52487-false10.0.1.14ip-10-0-1-14.eu-central-1.compute.internal49676- 23542300x800000000000000049525Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:32.655{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=178F0BBEAB621FA208F24AC39D03256C,SHA256=C9A10D9BBA98E6D20071C4F2CE1EEAA903F5D7DDA63E4DBB9F45DBF4C862E09B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049524Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:32.077{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CDD5880CC47AEFC1BB5E1FCD98593D5,SHA256=3938EE3B3E7E0F1B8CD89D50BE293562325CB9A4222B852B475AF3C532892D27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064873Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:33.893{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7F421150B446F8278B6B6439F7EA40D,SHA256=EF601914EC587B333653D5820621E4E27B7C4A7E68562BFECE2E9E2A580A86CB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064872Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:32.292{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57490-false10.0.1.12-8000- 354300x800000000000000064871Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:32.105{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-45685-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064870Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:32.104{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-37495-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064869Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:31.696{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.15ip-10-0-1-15.eu-central-1.compute.internal52487-false10.0.1.14win-dc-339.attackrange.local49676- 354300x800000000000000049529Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:31.874{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52488-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049528Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:31.509{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com50439-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049527Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:33.093{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E3FAFFAFF628DFEABCDB9337EED8FF4,SHA256=51957AF5DEC74FCFBA38B0E5BE3AB67C9576056DA4C1E1B23C8EB7A39C75A928,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064877Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:34.924{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A90926D2A92AECD7C7C2B65B49EC3B8,SHA256=D6D3D1B6AEFAA77B10A0ECECD4A329401B8FCE4580860E8639807902954C23E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064876Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:34.815{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=84EA0174EE00D4151ABB591611998FCE,SHA256=50A812D1802B53A00C9438BC3EA005C9CD62BDA8CD04A911D399634DFD45A06A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000064875Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:34.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll2021-04-20 14:54:34.690 11241100x800000000000000064874Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:34.690{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvSubsystems64.dll2021-04-20 14:54:34.690 354300x800000000000000049531Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:33.153{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61973-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049530Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:34.108{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=581642F5027E81901BB16693515FA9A8,SHA256=7D7EDC7886671C2733FA997324F4DDC7735E200F75C224A65B5AD010FD5C16DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064882Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:35.940{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A287459C298294E4508826BED9F2A5D9,SHA256=724DCA2260060BAFE08CA421E3232FABA7683558A0EC38BE132C5D0BA316E3BB,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064881Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:34.451{A7A01FEF-EAEC-607E-660B-00000000BB01}6840C:\Temp\OfficeSetup.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-339.attackrange.local57491-false52.109.12.23-443https 354300x800000000000000064880Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:34.359{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53413- 354300x800000000000000064879Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:33.821{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com52985-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064878Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:33.775{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63781-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049533Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:35.280{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CBA32C2C15E7E26C2342302B88185CCE,SHA256=0DB075C3A183AA2D8E0FE449131A182E0A21210D78DD06AD7ED35E47F8F8452F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049532Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:35.124{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A223AAC94BC1E3553902C974E66F6E3C,SHA256=F545AA877C55B6C5BF50E16D2E5B07AED026CAFD92A50ACF19FE5BD1A6EDD1C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064884Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:36.971{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=101D141E95419B2409E15ED7B2DB747F,SHA256=F2EF530D203C3E2D00A33D451AD405614D6DF63CC0E61B253EDCCE2C72EF61DE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064883Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:35.099{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-40224-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049534Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:36.140{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E32D6015FFC8F196C899E1A903463F9,SHA256=A8D0B281D0DB218398667BD1F8645C1960F6570D5391B8CE94EE6ED1A9D8E6A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064890Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:37.987{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DC31F9409CDD210835F8D303FC5F815,SHA256=BD38DB6CAB41EA570D3AC9D81FC52ACB7D888EEFE4D5C32C5880D116D6528E13,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064889Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:36.666{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-47051-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064888Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:36.528{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49788-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064887Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:35.651{A7A01FEF-B636-607E-2D00-00000000BB01}2212C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local58131- 11241100x800000000000000064886Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:37.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\C2R32.dll2021-04-20 14:54:37.268 11241100x800000000000000064885Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:54:37.268{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppvIsvSubsystems32.dll2021-04-20 14:54:37.252 23542300x800000000000000049537Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:37.970{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=28C6F4E3EA2CFAB523B2FB9C7A7C5F84,SHA256=899C759D2C58630EC8F7A1B8883FB5C6406791B6218E3BF388C931653234C86C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049536Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:37.172{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95CC252F83B6E8EB2E3BFA51E1C6BAF3,SHA256=5F5B689AAED686DB78CA56A1C4261082A238D8AB8079596DB7BD0042C363F4B6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049535Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:34.796{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63453-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064891Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:38.627{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=70EF166DC891DAECC209D5AAD851F96A,SHA256=89F19605BCEFFD666557AC3B3DD04991973D7B31FEB847411719DBC953FBDD58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049539Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:38.189{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A01BC13D2EB771BC460F2A76885EC13,SHA256=CB54E25A4FA6169BA55F5CF25C6319BCB5D87F6D6C22E40E55F1CDE80E6EA3BE,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049538Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:36.355{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64944-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064894Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:38.276{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57492-false10.0.1.12-8000- 354300x800000000000000064893Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:37.937{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com54607-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064892Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:39.002{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD16F2142037AAA23536939CFAC155AD,SHA256=999FD177E70C7F931F92D87254CD17A7CAD80C45EC0100E11D734CD1D34D5A01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049540Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:39.222{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70552F15C0FF0006561A6AB8A8F9F0B3,SHA256=B0466D0038A0F532A2E4AFC9ED82C90399FAAC6EC2EBB5B21A7001279EB33AD7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064897Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:39.499{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52518-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064896Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:39.430{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-44320-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064895Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:40.018{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF997D544945206764F79E0042753C62,SHA256=5094073FDCAD4E0E365319B22612071DEEE7E74086E9B8B95582EA6BE771878B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049543Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:40.254{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D53F2A1993007900BCF20B4F613064D,SHA256=ACF7F04442797E8BD5CECA8DC39A3873CCDE815FAFFAF618857EA87A0061EEA2,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049542Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:37.704{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52489-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049541Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:36.820{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com53208-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064899Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.533{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=01988320408F2076801B14A5B809B22F,SHA256=221944CF571C07DF8D6273AE531BB7BD9A355250C630A98297113C48DB02979B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064898Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.033{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD195F2E08D5AB8060F0C546A66E7E51,SHA256=F16044996A221F21F3FE066168485DC4EC4A99DB3F507809621C1C5A43196E2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049545Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:41.504{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C581424B50BB87DBD772CE04E11704A3,SHA256=0222BA9301C4F272F3518A1479EDCDA99AAB5DFE5E3DD15A709C7463E603E127,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049544Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:41.285{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10BC0DFAD82193D534302AA1E966B1C3,SHA256=23C0546821C08CAB3760BE7EAC0306E4C35B7930373888877B6277E848B1BBB4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064905Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.535{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57168-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064904Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.091{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51153-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064903Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.082{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63503-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064902Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:41.057{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53883-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064901Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:42.705{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EA57867A82ED7C388075A14CD63ADB89,SHA256=E99C478A1F2DE97C3E720DFDE7ABF2FA5DD85B382A383C50DFB40A8BF9250FA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064900Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:42.033{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5A2A391B03D6BB5D694A12EBADB8EE7,SHA256=620FFA8A59A4095CCD961F3061B01474E873908A53E378E47F489A8700706FEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049547Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:42.301{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A122C3B1C1753F82B9703873EDA54613,SHA256=1837B38BFCF967BF9186664E0AB077C720285714149E1E920AFB566A16843D3F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049546Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:39.904{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60811-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064908Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:43.815{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B583FCF7E0C4E078558337F89BE6E798,SHA256=9E393F5578F57BB8C27DB7C998A1C86E02238B3352CF17526717CD16FEF9B8F8,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064907Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:42.477{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55248-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064906Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:43.080{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E69B1C97DC08DA77CEBC2D084156A6A,SHA256=E841D3875D403F26F2FF87D35E398AEC18917846704F226516BD31A117527880,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049552Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:43.676{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=590C9BF8A0A6B693554084376721667B,SHA256=E9F0BFCCBE9C2A26B41F58CB61A9AEEBED96A398FD04F8B4B72DF05694EB6E2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049551Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:43.301{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A340B72C52D0782AE0FD1721FBF741E,SHA256=5275353A147BE88B486D7AA1810FB9BA799D0B0D480384DCC5F0E0802507220A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049550Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:41.062{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-53024-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049549Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:40.930{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-50050-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049548Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:40.585{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60494-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064909Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:44.096{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD13914CF7672BECEDFB7D299FB12105,SHA256=64CCB0406B7F8B6C50A313112FB251D8E6EE698322A680F56ACD786F708010D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049554Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:44.722{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1F069BB52EBE247621DB8BD9A7DBF74A,SHA256=85B76F0FE136ADBAD2476881A1B522116CB0728E8ACDC3AF05AE79129C9BBC2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049553Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:44.316{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE30619B0402E4625F2815ED99410AA5,SHA256=7B9FE2B411656CDF47B8F9CDB65157C0267ABF6D21231E6B9BDD5FB9373E0E58,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064912Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:44.104{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-48415-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064911Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:44.073{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57493-false10.0.1.12-8000- 23542300x800000000000000064910Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:45.111{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10E398145514425649547CD5146ACE9A,SHA256=3911F5B6F5BB71CE2A2513324B61CBC41AA8B404DD5A272305DFF5C564BA8F82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049558Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:45.379{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A1BAC98DB9AC704D0CEE71A70E0C408,SHA256=E233BD9E66909936E2083D375D346D7B8169BF87D5F63D6362B90DEEDFBFE1D6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049557Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:42.706{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52490-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049556Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:42.692{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54508-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049555Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:42.624{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51533-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064915Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:45.430{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57978-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064914Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:46.283{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=78A2E1EE57D6DCBDACD09A7FF2F0CAD3,SHA256=0E45EC677C4211C25708435D220E16CD5C49D96C063A1EE2C0B1480C0E42FDD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064913Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:46.205{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8FEB06AA918E4BD958AFFC96AA8E5A9,SHA256=957D05B323D28FE481D1EA82913F4A5B1AE1A54209338A54DDF848BE074AFFAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049559Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:46.405{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D09DB91CCCB24B9D724F3EC2F0525DF,SHA256=F8C98344FAC1DBD3879CAA927380BE8F7A0E0B9FD90FB5C2B8867F2507776BCF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064917Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:47.846{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=931F3C7FF6B07D7BA55F25150FF7B1E1,SHA256=E882B9FE021EF6F4EC20B4096851E9DC93D8B6A1FB9CD7B5F26D14ADB75C3EED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064916Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:47.252{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6F794EFA44E56D1B42B8C1F4E58DCB4,SHA256=7D47AF0715141FE05D5C41E3936AD9806ADC346C2951AEBB1EEC52375ED91DBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049561Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:47.420{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C64E06A9D9F4D0FEFD6DC441BC0855B3,SHA256=FC50AD109A10108A22E95E1446C1AD7DC04AFA9E17CDE4062DC4A48ABCD091D3,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049560Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:45.264{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53940-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064921Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:46.982{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-59343-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064920Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:46.982{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-56613-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064919Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:46.770{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64197-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064918Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:48.268{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88011D39D2A94EB7766FCA554D39FC49,SHA256=7FEAD1125B10C2AF475FF0F571D4510A0CA5AB66937A0AD13DC16F4BE6C0E0FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049564Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:48.577{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=68FE044D2DD44BF150014ED4311B0BD3,SHA256=579C551A6AB072AD3D8BBCC80EA4769A0C48B7390DFA3F477607727014A3B00E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049563Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:48.436{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=575BFE779DD2D4746933988FAAA026BC,SHA256=0C3A167E684466C5FFECE7730DFC127C2046D81FEC9460CB2EB148CE8812722A,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049562Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:45.831{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57468-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000064924Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:48.436{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-1731msiccpfalse10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064923Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:49.518{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=48B2BD251AA8EAD25B2406B12F9DB23A,SHA256=056C44E03B558A53B7D8AAF1E28DB50349FCC0F12EF137A91B06E041CCEF298D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064922Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:49.330{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76AE3250C068F6F0AE8D37B28EFA7DA3,SHA256=557BA56FA6FDBD59D7CED8C967434C01082118A9C7EE3B9506494EA4FDCC56F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049568Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:49.592{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F6EEA206DAF5890D584D00DB1F32F66,SHA256=2CF1B95B4045C730D8189DF30C64D5F512305C735D14784B5C1CD9B1CACC0BCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049567Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:49.483{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48C321BDE3403375A4EC23E28866DA03,SHA256=E61C6FE8E8973C2BC4A1B2AD69633B1EF0A8C5DE19DEAC0FFA9526F3464103C9,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049566Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:47.405{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58953-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049565Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:47.292{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55988-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064925Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:50.346{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9644B1394D042CAD18809BB1A2C229BD,SHA256=45EBA930821E31CFC036070CD7945628D9FD29E90E5F2C787E2B45D09B1B6B3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049571Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:50.498{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88128EBFD2CEB02230A7ACE137742616,SHA256=E69D9C44E3592FA4958464E51E772D40E06546D1BE5FFF003D18F40341BAE3A6,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049570Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:47.959{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com50411-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049569Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:47.732{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52491-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x800000000000000064930Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:51.627{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86981F11EC65DB643BE6FEDFB35440B1,SHA256=FE8A4BED9235614B42DCBB35E28B70F99D4FFC012B99EBC6A8BD68E82CD1FD03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064929Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:51.361{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73691A59C06C9DABA3340D06EBAB189A,SHA256=5EDC00D9D122A7BEB998619FAB7C710427CBB5DCD87AE6C78B49CEAFADC997E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064928Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:49.952{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-3096-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064927Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:49.852{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com58463-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064926Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:49.104{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57494-false10.0.1.12-8000- 23542300x800000000000000049574Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:51.514{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFAB0DAF4BE0AD2941BF6E29BD720D49,SHA256=3F2A30C2A230B842BF157C3AB7E73877A0487EC669EDECA3AE67DC5FBCBD839E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049573Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:48.992{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-60439-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049572Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:51.030{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F4D3745835B22C0E60A93E138257B7A9,SHA256=70742585DC53116CE3876D3432CE571E2B4CC1599A92B09AC8D0AAEE93EF8551,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064932Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:52.408{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AEEDD5B69A31E0F7816DFF512E11ED7,SHA256=0246AF3D1F5520D258177AB291A5DAF2E73D52A8FBF7379AE127272E28C46329,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064931Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:50.904{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55267-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049577Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:52.577{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6DB549BCE9B7057F18D7D774CD9BEC6C,SHA256=CD32D837BB2358037EE0ED8D940EEBA5EB5FC36EBE9EAA3CE2A4A1CA72717584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049576Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:52.545{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C69A2B0E6BF5142CD9D9E472AFB1E59,SHA256=9F2DF85787F1EF66840353BA85DCCD26FBC5F369CE7A27A9E3ADBF1CDC09A936,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049575Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:50.598{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-61922-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064935Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:53.471{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32914600034B3538AE5E43E800608632,SHA256=2C8421BC64EBA33940632F4839A40F2B0D11B831C295335F388CD573AC9836E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064934Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:51.441{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-4462-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064933Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:53.080{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6BEFBFF96747EA14746F0C20A1FFED66,SHA256=6FE8C4838CAFA86E18E5E1D9CAC5E90BF0FEADD2AD69708502F3B189DD75572D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049579Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:53.858{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BAA2FF130146DA498CBD77400A5728C0,SHA256=328DDB06C576DCCB9599851A50AFC7C8D8321D6B1F578C88E5D5A98561FFEACD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049578Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:53.561{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FC985FE8A4475B0E0A52255D99F7019,SHA256=4C656E803F9CFBA61974B9FDA48DCCB46E0B6254040E99CE3DA32563F61DFA06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064936Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:54.502{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=55037B397A70EC534703F581FD3C798D,SHA256=0DCDF4BCB5A598E1E6DB8F1B7784EABB27A457F54C2DF5536358C79CA2DF8A7C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049594Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB3E-607E-D406-00000000BB01}2372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049593Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049592Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049591Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049590Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049589Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049588Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049587Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049586Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049585Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049584Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB3E-607E-D406-00000000BB01}2372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049583Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB3E-607E-D406-00000000BB01}2372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049582Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.858{85C0FFC9-EB3E-607E-D406-00000000BB01}2372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049581Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.561{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=247D027595B91F3A964CE54A35142B7E,SHA256=78981E50A775728DAB579684FAB225DB673D5ADF5E597C12E89B8DDC03E2B716,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049580Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:52.223{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-63408-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000064938Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:55.627{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D2FCAB6B60A80D4022C6C2A59ED032FF,SHA256=CC7604A2F1B6CC0CAF42513B987164CE1A2AC55DD65D30885C1F67A8397418CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064937Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:55.517{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F094FC10FF59BE86D7D8421E5EFC82E1,SHA256=E0C967825496410092559DF5E9F63A7918E596CDC06B5E50C56B58AB99BD92DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049611Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.592{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3FEF9FF0EB635640941B17F3282C829D,SHA256=2B4169BCF06007958183A42D6767B781B940BD3DFF97274B3329E0A7064434DF,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049610Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:53.747{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52492-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000049609Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.483{85C0FFC9-EB3F-607E-D506-00000000BB01}3482544C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049608Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB3F-607E-D506-00000000BB01}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049607Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049606Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049605Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049604Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049603Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049602Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049601Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049600Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049599Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049598Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EB3F-607E-D506-00000000BB01}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049597Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.373{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB3F-607E-D506-00000000BB01}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049596Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.374{85C0FFC9-EB3F-607E-D506-00000000BB01}348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049595Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.295{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37E4A06B97B339BE31A35B9CEC253F17,SHA256=2D4C68A81ED3AD1750BAEB73B2967370BDC1ACEAE73A0E97121EB0849B8C3534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064945Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:56.642{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=19618301DC295F2A2891EFBF3A81ED84,SHA256=4DBFBB46AED58DDF90667D332E958D823BA8ED58D58ED77D710785E8158553F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064944Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:56.549{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E555513F7CBF83254303CA8E2FB8A34,SHA256=92315FC033179FC84DCC77481059F326D6DD220EE7D3C06A856D1D33D31C32CC,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064943Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:55.135{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57496-false10.0.1.12-8000- 354300x800000000000000064942Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:54.666{A7A01FEF-B624-607E-0B00-00000000BB01}860C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57495-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000064941Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:54.666{A7A01FEF-B636-607E-2600-00000000BB01}2192C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-339.attackrange.local57495-true0:0:0:0:0:0:0:1win-dc-339.attackrange.local389ldap 354300x800000000000000064940Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:54.478{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com57949-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064939Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:54.365{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-7195-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000049627Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.608{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B9C0A850E2DBB3BC682DD74D3842C03,SHA256=6FDE5D4B6E01B2EF384B9810E962DE4B6D022D900F3A2947EE7D8D9C2EDA726E,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049626Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:53.841{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-64901-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049625Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.389{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0F3E253A7945ADA002ABD91D8CA6A053,SHA256=8912388724EC071182A74F5BB1FD31FE2330D976F5F28282B8423D58D0CA6DDC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049624Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB40-607E-D606-00000000BB01}2428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049623Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049622Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049621Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049620Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049619Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049618Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049617Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049616Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049615Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049614Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EB40-607E-D606-00000000BB01}2428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049613Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.045{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB40-607E-D606-00000000BB01}2428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049612Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.046{85C0FFC9-EB40-607E-D606-00000000BB01}2428C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000064947Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:57.564{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10B7CD8067D8160912B87449D787DE4F,SHA256=23090B540FF393E78721C3C309DDD3BAD9D569BD88E7E8836F3ADEAFC6BCD2C4,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064946Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:55.825{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-5829-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000049658Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.811{85C0FFC9-EB41-607E-D806-00000000BB01}16443748C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049657Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB41-607E-D806-00000000BB01}1644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049656Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049655Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049654Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049653Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049652Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049651Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049650Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049649Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049648Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049647Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B7EC-607E-0500-00000000BB01}4161008C:\Windows\system32\csrss.exe{85C0FFC9-EB41-607E-D806-00000000BB01}1644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049646Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.686{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB41-607E-D806-00000000BB01}1644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049645Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.688{85C0FFC9-EB41-607E-D806-00000000BB01}1644C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049644Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.639{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E91C551A8E669F910124EC610832B456,SHA256=FD794B5ECA7E5EB9477BF9496FBF32E17702358FC849D9EAD42225AE9AC18F71,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049643Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:54.246{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com49241-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049642Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.561{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0492A36D5924DD6C89D578E372F3C41,SHA256=ACF495DEE8EB7C08B9BB74869D564CD86671059315AA2B000D7C86FF47A80BEC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049641Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.264{85C0FFC9-EB41-607E-D706-00000000BB01}40002552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049640Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB41-607E-D706-00000000BB01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049639Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049638Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049637Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049636Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049635Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049634Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049633Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049632Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049631Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049630Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EB41-607E-D706-00000000BB01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049629Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB41-607E-D706-00000000BB01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049628Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:57.155{85C0FFC9-EB41-607E-D706-00000000BB01}4000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000064950Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.736{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=F985E1E51BD4FEB45E4931E1523E80EA,SHA256=E168C793E8F8BB7D1EAC66F2B963AAC5E0DD0FE2CCEBAB9CCFC61E8C70CE4293,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064949Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.595{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E1DF5FC15308CC54CD9D65638C37FD6,SHA256=8FA9C6062EED63971FEC94E77F30FCAF3D3239F2A6C1F5EEF7A5CD5780FEA37F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064948Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.424{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=573D980FD7148AD74E97D480FE12EA49,SHA256=F60F4EF320F25FF48050ADEADA46AF27E5665C26F736E679A01B1EDAAFA133F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049674Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.467{85C0FFC9-EB42-607E-D906-00000000BB01}35401776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000049673Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:56.422{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com63107-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049672Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:55.381{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-49999-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 10341000x800000000000000049671Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB42-607E-D906-00000000BB01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049670Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049669Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049668Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049667Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049666Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049665Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049664Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049663Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049662Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049661Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B7EC-607E-0500-00000000BB01}416432C:\Windows\system32\csrss.exe{85C0FFC9-EB42-607E-D906-00000000BB01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049660Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB42-607E-D906-00000000BB01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049659Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.358{85C0FFC9-EB42-607E-D906-00000000BB01}3540C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000064960Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.093{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com53569-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064959Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.611{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FFBABD7A3D845682F01A967EB30D914,SHA256=C45BEDBED80E8932ACEE46F1E86F6FB73FB6BC65F58DE645C9710D19B3157F11,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000064958Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB43-607E-770B-00000000BB01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064957Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064956Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064955Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064954Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064953Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB43-607E-770B-00000000BB01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000064952Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.205{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB43-607E-770B-00000000BB01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000064951Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.206{A7A01FEF-EB43-607E-770B-00000000BB01}3924C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049677Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:59.608{85C0FFC9-B7ED-607E-1100-00000000BB01}1000NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=0EA6BE8DCC4E8F5C12D836DD9534DCDC,SHA256=CF3EA1C970EC42FB5ADB286F768C5364EAD9A1D2E6330A52A5F4E54E87196BF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049676Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:59.014{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64842322C39D63B8D535C07D97F2752E,SHA256=53596770B4042B136B3FCFD6573B9B3FB078A5FF1306A5D966A4B3807C34672A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049675Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:59.014{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD47A553C9184C9B21CE7287DB38AFD9,SHA256=0E64D74D7709637AAAAA3C2FF127F2BD6D4F590BEB7011615C910CF413890CD4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000064982Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB44-607E-790B-00000000BB01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064981Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064980Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064979Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064978Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064977Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-B624-607E-0500-00000000BB01}644660C:\Windows\system32\csrss.exe{A7A01FEF-EB44-607E-790B-00000000BB01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000064976Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.955{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB44-607E-790B-00000000BB01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000064975Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.956{A7A01FEF-EB44-607E-790B-00000000BB01}3244C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000064974Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.775{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57497-false10.0.1.12-8089- 354300x800000000000000064973Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:58.714{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-11291-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064972Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.627{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=020589FE73524313F434471487FDDC94,SHA256=6081DEFBDDB805FA274F97A2B38D63883EA55FF1F38A43224AB07EEAE75FF6DF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000064971Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.439{A7A01FEF-EB44-607E-780B-00000000BB01}38962972C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064970Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB44-607E-780B-00000000BB01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064969Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064968Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064967Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064966Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064965Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB44-607E-780B-00000000BB01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000064964Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.283{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB44-607E-780B-00000000BB01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000064963Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.284{A7A01FEF-EB44-607E-780B-00000000BB01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000064962Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.220{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4A8EFBFCA84F0785556E077BB6F956D6,SHA256=C326F227DD64D4D71345432A00593A11ED6734B54B216AFFA3D0A5CE3C2FB60A,IMPHASH=00000000000000000000000000000000falsetrue 13241300x800000000000000064961Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-SetValue2021-04-20 14:55:00.080{A7A01FEF-B626-607E-1100-00000000BB01}1176C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d735f5-0x22fa4090) 354300x800000000000000049692Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:54:58.841{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52493-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x800000000000000049691Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B85D-607E-9B00-00000000BB01}37722740C:\Windows\system32\conhost.exe{85C0FFC9-EB44-607E-DA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049690Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049689Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049688Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049687Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049686Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049685Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049684Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049683Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049682Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0C00-00000000BB01}7281056C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1E00-00000000BB01}1232C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000049681Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B7EC-607E-0500-00000000BB01}416532C:\Windows\system32\csrss.exe{85C0FFC9-EB44-607E-DA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000049680Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-B85C-607E-9700-00000000BB01}30763836C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{85C0FFC9-EB44-607E-DA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000049679Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.155{85C0FFC9-EB44-607E-DA06-00000000BB01}960C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{85C0FFC9-B7EC-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{85C0FFC9-B85C-607E-9700-00000000BB01}3076C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000049678Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.108{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2016058BE2AFCB5A87177B5BBE394EF,SHA256=5AC77B66010DAA0B3F23A9C894502BAE3ACE31C584BC6E48160A75712992DC6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000064988Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.268{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-12656-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000064987Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:00.118{A7A01FEF-B626-607E-1100-00000000BB01}1176C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-339.attackrange.local123ntpfalse169.254.169.123-123ntp 354300x800000000000000064986Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:54:59.513{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com64943-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000064985Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:01.658{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A097394F9E1851E439A32D83D9C1700,SHA256=97677715ADE61335D2A525871CD20C4BBD48F1BC3DBED68E1AA6258CCE5BF90B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064984Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:01.299{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C717D1860887016027C8FDFDAB7F71D1,SHA256=57E0DEB1F2F01EE981E380E7931F66CDF4C75614D8DCAE8239AD89A4486A8B0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000064983Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:01.221{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\AABFADD6-A65C-4428-98D1-CBD3DEDD146C.stream.x64.x-none.0.datMD5=0A25E4840D9E188F9519954BD3DCFB0C,SHA256=C8B11194A840F1E385D63EA1CAD01C1826913BB85EE1D59947E28DE63329B91B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000049695Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:01.717{85C0FFC9-B7EC-607E-0D00-00000000BB01}8083596C:\Windows\system32\svchost.exe{85C0FFC9-B7ED-607E-1600-00000000BB01}1200C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+ed71|c:\windows\system32\rpcss.dll+ca3e|c:\windows\system32\rpcss.dll+b157|c:\windows\system32\rpcss.dll+7897|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000049694Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:01.311{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=16D7E3AC42A1966B541D319FE6D1E2A1,SHA256=A7E37158633CD2D0B8DBCC1A8A967AD4ABE05DEEB4AFC93A5903993144FA9EA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049693Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:01.123{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D24A81975A6D102E662F4B1A1611FEC,SHA256=DF2B4EF14203D18FE89AFB9B53E8E71CA2FEDF6D129EC62FF2140A9EF630B823,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000065001Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:01.197{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57498-false10.0.1.12-8000- 23542300x800000000000000065000Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.674{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A8CA42618790C6B9B9DC243E7C9EF14,SHA256=FFA41C2ECF87FBEF5DE9D7FDFB74AB1EA9B6EBE74731D0B1938DE95301711C1D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000064999Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.517{A7A01FEF-EB46-607E-7A0B-00000000BB01}28887088C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x800000000000000064998Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\ProgramData\Microsoft\ClickToRun\ProductReleases\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\938C817C-B832-4091-BCAC-7EAAF6891D5D.stream.x64.en-us.0.datMD5=F9AF00DC1FE5E8C2FB68C620DCB998FA,SHA256=2BF9969EA344C0104E4B03750EC5F64A2B6A33A9EDF69C17A54D05BEA23B29AE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000064997Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB46-607E-7A0B-00000000BB01}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064996Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064995Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064994Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064993Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000064992Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB46-607E-7A0B-00000000BB01}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000064991Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.361{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB46-607E-7A0B-00000000BB01}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000064990Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.362{A7A01FEF-EB46-607E-7A0B-00000000BB01}2888C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000064989Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:02.346{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C1C6E770C32FE6C672F92E702EC38E70,SHA256=DC407ECE5E971D774E283AF25422FF0563CB206C48B5563E1BE00E88D0A818AD,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049699Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.736{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com60035-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049698Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:00.011{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-51488-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049697Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:02.686{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DF81173A49D6A8F777BC9AD8D5049059,SHA256=3B97140D02F89786E55AE823FBDF28A05E5337F5785B22098D37EF32E619E3C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049696Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:02.170{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FD0C7A0A3B8E7FFD75DBD185EE7FBAC,SHA256=393DA6951EB2C6627FF06DD14EB633FCC545653E5039205A60A460460EF8FB1F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000065022Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.908{A7A01FEF-EB47-607E-7C0B-00000000BB01}11566548C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x800000000000000065021Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:01.661{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-14021-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 10341000x800000000000000065020Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB47-607E-7C0B-00000000BB01}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065019Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065018Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065017Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065016Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065015Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-B624-607E-0500-00000000BB01}6441184C:\Windows\system32\csrss.exe{A7A01FEF-EB47-607E-7C0B-00000000BB01}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000065014Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB47-607E-7C0B-00000000BB01}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000065013Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.752{A7A01FEF-EB47-607E-7C0B-00000000BB01}1156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000065012Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.689{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2004B36933B1A1C1418503A2BD2C52D0,SHA256=2347B85F868C364D2D0CD6CF73E62A610B7883CA9505C1EF03C1ED54A1667A0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065011Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.408{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=143956773EF87BA63520C60696FBCA46,SHA256=7ED633E59537EE8AF80A43B0FC06B5FC266BA19FED604C288E3674AC80E1B369,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000065010Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.252{A7A01FEF-EB47-607E-7B0B-00000000BB01}58124560C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065009Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB47-607E-7B0B-00000000BB01}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065008Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065007Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065006Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065005Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065004Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB47-607E-7B0B-00000000BB01}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000065003Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.080{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB47-607E-7B0B-00000000BB01}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000065002Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.081{A7A01FEF-EB47-607E-7B0B-00000000BB01}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x800000000000000049702Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:01.741{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-55930-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049701Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:01.566{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-52974-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049700Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:03.186{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B901D400A3FB4C58C85D19BCEB92B27,SHA256=8E3BCCD64525C8556952130E3F8E786DE27E395195328E8B9C2BB7A771608643,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065024Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:04.861{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6416794444FBB4E323B9480E829A6D0A,SHA256=3CB7D05F5EFD32D3BA15BBBC1E83955A8589B35D99E14DE9564B1C4F5DED8E4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065023Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:04.705{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=108C050613D041F7A84EE20D560BDA66,SHA256=EB53E7F77C2E8FC11E7DCDF29365175976FABF241E520C47C4320D90379DD5AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049704Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:04.717{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F975CEC75136029AC97B26B8E21D480F,SHA256=5133C954A161429205A2F27BC2F7AFD9FE59F95990AB72CD625335FC0B9FC076,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049703Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:04.248{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3A95E93542F56A7BB71EAC8AA638582,SHA256=3F722CFDF3F3C2F6A4801DF8B17600D96D3D76CAE9152786AD48EEDDF55A69FC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x800000000000000065037Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-E380-607E-510A-00000000BB01}63405272C:\Windows\system32\conhost.exe{A7A01FEF-EB49-607E-7D0B-00000000BB01}6168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5c07|C:\Windows\SYSTEM32\ConhostV2.dll+76ab|C:\Windows\SYSTEM32\ConhostV2.dll+a84c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065036Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065035Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065034Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065033Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-B625-607E-0C00-00000000BB01}6686764C:\Windows\system32\svchost.exe{A7A01FEF-B636-607E-2800-00000000BB01}2560C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x800000000000000065032Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-B624-607E-0500-00000000BB01}6442236C:\Windows\system32\csrss.exe{A7A01FEF-EB49-607E-7D0B-00000000BB01}6168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x800000000000000065031Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.861{A7A01FEF-E37F-607E-4D0A-00000000BB01}59884344C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{A7A01FEF-EB49-607E-7D0B-00000000BB01}6168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x800000000000000065030Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.862{A7A01FEF-EB49-607E-7D0B-00000000BB01}6168C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{A7A01FEF-B624-607E-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{A7A01FEF-E37F-607E-4D0A-00000000BB01}5988C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x800000000000000065029Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:05.767{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=031B78ABEE81DBD4C9B310A88A6407CD,SHA256=25A07338ECB05DD6FCAFCFE6ACD3A9102CEEE7232DEB6A0A02714210613F2501,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000065028Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:05.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\Client\C2R64.dll2021-04-20 14:55:05.752 11241100x800000000000000065027Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:05.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll2021-04-20 14:55:05.752 354300x800000000000000065026Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:04.003{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.234scanner.openportstats.com63965-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000065025Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:03.690{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse80.82.77.85scanner.openportstats.com55673-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000049706Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:03.160{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-54453-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049705Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:05.280{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB4A5A794495CC501A5A99AF6730F646,SHA256=817C6941CD38DFA2B8C58356EDECA37AAEDDBFB8107148DBB3FB90774A122241,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065043Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:06.783{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18386CB5C58F5A34E746C14B26095349,SHA256=B4518B5211C1DFDAC213DF9301EEA162CADE1D5FD090616245574AB51A47840A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000065042Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:06.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\Office16\C2R64.dll2021-04-20 14:55:06.689 11241100x800000000000000065041Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:06.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll2021-04-20 14:55:06.674 354300x800000000000000065040Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:04.849{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-8560-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000065039Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:04.636{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-16751-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000065038Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:06.314{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5EF4853CC21F63D9879C298659A51899,SHA256=F3172FC1814FE7D6CBA49BAA1A3B35437E1612517BD8D5356870B031DCA98AF5,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000049711Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:04.912{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-58897-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 354300x800000000000000049710Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:03.841{85C0FFC9-B863-607E-C500-00000000BB01}1976C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-895.attackrange.local52494-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x800000000000000049709Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:03.359{85C0FFC9-B7ED-607E-0F00-00000000BB01}948C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-57409-false10.0.1.15win-host-895.attackrange.local3389ms-wbt-server 23542300x800000000000000049708Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:06.362{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAB25BD962963635A2A501081FC53BF1,SHA256=9A85F4BCCC391BADDF52CA156FCDEBBF261B304873BB684037A41EE8BC3173A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000049707Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:06.002{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FA6D4E9C7489B74C7A4091CB0666F99E,SHA256=039895CEB5850C7B4A857AB60A8B3EA56D9A5AA913901C5D89ACEAB77D6F6535,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065189Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04267_.WMFMD5=FF994A6CBE31EB773DEC9F88755AA64C,SHA256=7C4EF7D46FC8D740C9498C8AD9CCE11AF493D004EDBD2953FD71657D1C2BE0DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065188Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04235_.WMFMD5=003761EA7F781196A115D9F7AE99FA78,SHA256=13FFF405082974836009BAE068FD36BAACE292984F1C11E35914293909EE8B28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065187Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04225_.WMFMD5=4A9DB6E257D793C130C892BDAD13BA1F,SHA256=F4FAEFDDEF0D28C6FF19D5797F2F5CEECC48FDC85C00BC371A6922E6A19FE3FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065186Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04206_.WMFMD5=4DD23D28C59FD710B56F55C0E25EA32B,SHA256=4F08E9CC8AFB0AB00EEEC2844CA06626C33DEA102938C0AD27754AF80034CF7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065185Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04196_.WMFMD5=E557EFB85A6210068F2F3DA0A0C16E6D,SHA256=A446D11805F8C54FA4D74A7EBDA770EE245D1243906F00562E3E90DB000B2F7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065184Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04195_.WMFMD5=65F0E577179155795A20189A36BC32BB,SHA256=49F0EF178BAA1986F148C6C784D76027FD80107596E0FBC9676170E84844FA25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065183Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04191_.WMFMD5=8C3E32E36A35C8CFEF5CF83DB54DF524,SHA256=FBB1574A09AEFBED52C7FC256B57358F87557FF1A00DDE0CB91ED2A142828283,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065182Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04174_.WMFMD5=DC49FBDA2E53723FD4132501AAEF81DC,SHA256=397D03E185959CB2EF569C92C1BA23EE196BDFD78A2F44B39C025F7FD64FA4EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065181Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04134_.WMFMD5=3FBB5D8B8F789F1E4E346AC3E78A97C2,SHA256=FEB29299AA9A45A7019FE9CFBA7A12EC7C68FB4952B44A0F09A18866EB42E94F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065180Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04117_.WMFMD5=189D5A65D8432F5DC0559FBE98BA3144,SHA256=63B73E22DD901686AB51898B035DF8944FDE9F71107BF1A2EB3B99EC21A7DE5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065179Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN04108_.WMFMD5=212F30692752A282EDB0E219F86AACD3,SHA256=E9E562C117C4CEF9900DEBA5274308EFD43BBAABFEF1D2AB872703342B623E25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065178Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN03500_.WMFMD5=2451AECF982BE7D155B79A774E78835D,SHA256=60B4E1A5BD21F79EF3FBE87C83EAFFED1FC0BDA72DC79FA0E03E0D115DD00227,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065177Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN02724_.WMFMD5=EBA8D1703E9ADF90DFDC385B65ED7056,SHA256=2BF7C1FD54812BE96A3493E0E880CCAC4192B8BE37B596C6AA162C5B3219AAB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065176Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN02559_.WMFMD5=E31223DB3961D3F64AD4A5FCD11E2819,SHA256=3AFBDA7D689160B6A4B58B52E4AD11F748D715AEC92EFF367CC76ACC3C6F76B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065175Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN02122_.WMFMD5=15FE603146B75D55C2D1DDFEAB0261BE,SHA256=F877CDE05B20B4BEB2F32C80D6682D79846F7D249A86320C136EBB8E5B9D378E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065174Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01545_.WMFMD5=BCCC5E5A95F5EF9774D78F93D16341DF,SHA256=0BF2067A3ADE65F1A74113E1CD22A634F2DEDFB1D142CC00A9B9FF8D45E34840,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065173Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01251_.WMFMD5=A532A091F445BE07F341A5BB9B77787C,SHA256=E9640ACF70804D649CC6D238FA20601559A86388B357AA11352F7EAC6AB96674,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065172Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01218_.WMFMD5=ADFC633897D788B8871C62251FAE2B78,SHA256=2D40BEF086F75DC4D96A6A1E2A3E8448E4C651B5F3425EC9905602295530D0AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065171Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01216_.WMFMD5=F3F56A700BFFE32B64EE86B2AB0194FB,SHA256=A7EC6BF3296EDC8BE0AD78D30657F8E8357EE1E96299B4641D6BE590ADFD921A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065170Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01184_.WMFMD5=D6FECD845218B2F50DB187531D704CA7,SHA256=2AB3DCB8EE83DA9DB0F9D641E2D6FD8C15970568E115301ACA7E5D3D290FD8A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065169Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01174_.WMFMD5=EAE196AC607E13323A692FA53FFE8D31,SHA256=DB16A89C5C9EDE114318168226A73F423EC4B0B22D3D3D26DBB5531BBA731DC2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065168Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01173_.WMFMD5=3FA8AA4E9C980D130DEB070F6C5338FD,SHA256=036F9267C03E7DA59A9133BD7D7CFE7430859C08EC10539BDA29367E77A74451,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065167Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01084_.WMFMD5=D9673281DDDE2451C4DB7F9BD47DA1C4,SHA256=0FA21A4FFE30FBE168D7613CA6FA152C2F13A4F26722DF5E10FEE89CC7ACC403,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065166Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01060_.WMFMD5=E58E157DF04B859ABA46E894314928CD,SHA256=4B24CD74E4CBB70E68F859F7EC6D22EC2D958B59586959B5FD4884854444BB59,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065165Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01044_.WMFMD5=44DFE7FD680BEEC582AA4EB3C5F07CA3,SHA256=BD09FDA27AF8D3646C4984A05938A7FE007CB126828B55C9D87EE5E20981107B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065164Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN01039_.WMFMD5=BAE60BE5E3A3D5DDFF03239DE4F18972,SHA256=0EF243D0CF9155B966529EDA38B094409F23CB1A7FAA1A4D043B383D9A127DAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065163Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00965_.WMFMD5=6AC7105BAFB4846C1917CFAB48CE6F4E,SHA256=8DCA4872ACBC99504029AF46029C6E96553FDED3BC6188890DE0B5BD3F3711AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065162Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00932_.WMFMD5=8BDC5B20C6EB532A7D97086EDBD4724C,SHA256=92F385C3489EBD31F1AEAE331917EFA3303DDCD6FC11E95962FBB182EFB4AD6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065161Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00914_.WMFMD5=5B21139AD2BD6442864EE68CDEBF8EF0,SHA256=8B774EC8EDE769C1343BF61811B3E9B0AFBFFBFDFC985E412F41ADB73BEDE0B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065160Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00853_.WMFMD5=7891EA2F728FE0CC8A05B790B9C1BF0C,SHA256=4A8D6FD286E7BA09CFAF3E699FE4CE6BDD68060D599CEA3B1E9828DF87932579,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065159Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00790_.WMFMD5=F5F4AEB43E2CA141A4F91B87CF6503D4,SHA256=792FFB9746ED028B2891379DFB3B52A3E8A1DA3A4C7F7552F28BAB6A934DC94B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065158Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00015_.WMFMD5=95091CAE6A5547B7158DFC6909E39EE5,SHA256=52BAE2DBBDACBE3C1CD94CA784EA5709052A10C9E99482B39FAD93F4FD32C340,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065157Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AN00010_.WMFMD5=AF0F64C1F166F245CCCBA735926341AC,SHA256=24AF793E442261819CE9724B856DFF7BCE374664E028130C1526E0E503313E86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065156Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00176_.GIFMD5=7D052F06BB26118664E16A362A625722,SHA256=CF9892B9B3D8DDAC876336D116BEAB91195893937C8BFA8B8220B96A9795DB84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065155Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00175_.GIFMD5=76E0739514D553B628AB13D5367D5874,SHA256=8A3A12020B0D2CC27A3739B8F3DB49E6BDDEC83B790BFF4D3C51E0C809655958,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065154Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00174_.GIFMD5=21BE4A52703F35D937BF67FA78475842,SHA256=146CE423B63DBCBC6B5E2F9FCE9F2F533ADF27863FEDB894681206EB8713042B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065153Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00172_.GIFMD5=48C307A9A96FDFA4CB4DCFF50106CF51,SHA256=77DA42EA9EC0D273E5FE71917827E7F935420511E52515E80371ADD27C63EEA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065152Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00171_.GIFMD5=EBDBD008AF8BA734D7A6CB0F328F9ACB,SHA256=FAD820C3B4349F796E01EC7DBCC4DF55DE8ED08EC812FF7B6402128778DA29FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065151Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00170_.GIFMD5=1371364A88FB7B9EA97ECD3B04B5E262,SHA256=E7B377F2DF34A68B1C325AC9BCED27530888DD01A56AF07D74F9C7E7C6B0CD80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065150Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00169_.GIFMD5=716C63A5C976CC363C57975C40FD6D1E,SHA256=88CEFD711AD9F8964B3B179A4D8A37DB05DC8F34198164D2DA77731D63A6C5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065149Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00167_.GIFMD5=120AAA23468A53D54E6F93E62D554E24,SHA256=E4EED8934D99F9B1BCD186F685A449F7E35B4A9A1B38331D1C291B4458404D0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065148Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00165_.GIFMD5=A01E67ED18B64D9F53821BA2EED46555,SHA256=848D7E8FFA1F485C83868E2B53E02D6E307A606855335CCE61554A3CC839D4C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065147Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00164_.GIFMD5=7D60FB8CCA993EA1C9ADC0DE1F026E41,SHA256=C26D0558CFAE6CC1B9B8DFCEB30EA5142398E2B04ADAF26254A6CEB691383F1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065146Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00163_.GIFMD5=383213EF7F2BA06EB0B2D60F3B6CF5A5,SHA256=2C7CF6D155E71D38F67005060842F7A85887EF08F9C1495966F2C178B799BB55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065145Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00161_.GIFMD5=5320A6DE1F6D810BAA21E5D56E9B8982,SHA256=6B67722066F37EDF0D34A50780E67FD9193C5E36473FDDEC389D52686D28700F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065144Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00160_.GIFMD5=7B0CE00455F9CCCDF41A3F1BA4A9F041,SHA256=8F02D33621BE22D85D8F821332320C97C2208C75E5FD10E368012DF39AAFE35D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065143Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00158_.GIFMD5=F8BA91E5E84E27173DCF9279C7C3DE31,SHA256=546B880CE92961730F17BCB9B3B2BB49F967C0EB02F4A4000A79E9344A5132CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065142Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00157_.GIFMD5=77AB2AA03E7A3FCC677D136A4F8875DE,SHA256=0E6325AE25D3BE6D879B124C79C2C144A8FA307F8974BABAC0ACB86BE9E3705B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065141Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00154_.GIFMD5=9A6292262446E4007A45BDE905F8009E,SHA256=B86A785BDDD9F7C5D6C53B99AAD9901C454717B6BB20610142EE4AE92B18E06B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065140Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00142_.GIFMD5=CCECF61D62CD20DFB8A2E26DB5C7F398,SHA256=540A1AC8D3E504CA28178BF19B8699A920ADAC2085F9CAEFA84D23571EEE0E9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065139Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00139_.GIFMD5=99374BC68A6BBF1D09624F8C0FE91DF1,SHA256=06DD631B0A58BDFD6F9C491F678C3CFD9436696A1D7546FD4FDEDF2EB1933FB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065138Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00135_.GIFMD5=512B6A518E75023A2953BD27222DCA8A,SHA256=71FA443D5FD64C8B895DCB2F8F933C50666C90C15D2B657B5768A78BAE318241,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065137Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00130_.GIFMD5=F0727B2993E6F01C925FBFA1129B3ACB,SHA256=4554A6361762D4B088447647BC6F72C8AF9EAEA09A7490E38E9D1146FFFCD52F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065136Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00129_.GIFMD5=8776C625245F499B1DD7D648533F1AAF,SHA256=D3C4F00C94DA1FF904C9A9B23972A0F4A3278681E1204C5B3AE71359EC10DCEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065135Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00126_.GIFMD5=3AFA4234271C5B0453696482B58FD705,SHA256=D019D526657F76B1EB9CF6528542FDFF0DC8011DF7D6C7DC4F26E1B2ED967936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065134Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00120_.GIFMD5=E33F577836AD852F39701E4B268F6525,SHA256=5E259EF814481CFBCDBA142757CDFCDF29AFF63B85B61352AA3CDB684718792F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065133Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00103_.GIFMD5=297C1130703A8ED6258CFEF48C85B871,SHA256=E6A99CF1960027949878699899EB40294C271912DFC1495296C2EAE3387913C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065132Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00092_.GIFMD5=7DEC2F74B6617095F85C4697838D61A9,SHA256=29AE1B71C3ADBE86C249D739427A4B2C3193725318A751D61E3B463DD2B07A2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065131Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00090_.GIFMD5=8D203038CDA89C643899682DCA92FEF7,SHA256=4901FAB9DFC0FDC81596ED32E48261A62D8848485EEA875136313F03D9C9B1C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065130Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00057_.GIFMD5=0795D9C007F6DC5476B6C1EC1489D106,SHA256=D827FFC39F261D77A02FA6396EA43D6EE25AEC845B22D7AC0B31CD6B4E049B4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065129Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00052_.GIFMD5=7403CA6B13E85EB7359B210B51E8FC60,SHA256=B044E68F5CFB4A2F992016FE52FF1C1AC9680BBDD56C349732BCF2BF4301959A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065128Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00040_.GIFMD5=31200427076448F7F4EA84104F080666,SHA256=4FA5DF99252D18B0E8ABC117011F744C6CA670D1DA9A851270C069C969AC2E5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065127Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00038_.GIFMD5=FCCFA7C3B2EFC41F9680E4FD29C2909B,SHA256=C22A9EBD50F2C1A600756682CC954366E521144718E5A2797371CF56D56E2A92,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065126Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00037_.GIFMD5=E9A590CCB3528DAD031EC3AAEAC1EEFC,SHA256=164AC19AE06A3C3298D2A586DD8087F2F1C3A217EFC9FAB97420972B1B092482,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065125Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00021_.GIFMD5=D6D8F4BB7426F5F992839A9FA88ADB49,SHA256=162AA4742B3E58A8E79CD7FD4C620E2A3990D796E324F2D7EC06CFD289DF9472,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065124Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00011_.GIFMD5=41F0F352FE278A3FAA618C1807D64449,SHA256=82245565B0CA21F1EE67393CF28C7CF500B2CE361F5D323FD3414CEABB412B5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065123Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\AG00004_.GIFMD5=F402907DA253FE2A3CB22C0F9C638C3C,SHA256=715CE13ACDC157995CC5B4E3D5B5379684C009EFF7942FD6C5FC2BF918A208A5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065122Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vcruntime140_1.dllMD5=9040ED0FDF4CE7558CBFFB73D4C17761,SHA256=6CC4315DACEB0522816C60678344466CB452426267F70C7FAAE925361674E774,IMPHASH=AE0BDE6314FA2027B54CE04898F6AB69truetrue 23542300x800000000000000065121Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.924{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vcruntime140.dllMD5=23105A395B807D9335219958B4D0CEC1,SHA256=61832990E364DCA5BFA2C61D930F00ACAAE6D1AAA3130392403455AE9A1125A5,IMPHASH=F143E2868EFDE0FCB493BD3051708A62truetrue 23542300x800000000000000065120Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\vccorlib140.dllMD5=DDD9457EF184CC3897B8198D262F4339,SHA256=41B6AF9484C860804C69E00C9D7FEE22EFE5F769C51355936FC9DE248221DE94,IMPHASH=4A5F3C3AA39A4E0497DFF0471239D5F9truetrue 23542300x800000000000000065119Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\ucrtbase.dllMD5=34168A4AF676D6A5733BBF7A0905D3C7,SHA256=2AB2A74BCB5BFD8248D232EB3BC56698FB5173B9FF7FC0DAF87D8120D0F448D7,IMPHASH=5E97252FEC9CAEB9BB1DDC7CC50F68A6truetrue 23542300x800000000000000065118Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcr120.dllMD5=49FB6E786B2F9DF8812E0E317CED55CB,SHA256=9461F2E4ADD5C650102ACDE0C62377FF86D9B19FC20D0003F326CCD474E8B7B9,IMPHASH=8F18E22935EF8B336E246EE763FBEC97truetrue 23542300x800000000000000065117Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcp140.dllMD5=A1D30EF2114E18E26E2BB96555BE81BF,SHA256=F87819AE8C6F7C90D3237A1ABB9809E8CBA9DCD0C80AC3F0969A5E68EF652CA4,IMPHASH=C0E775D13A8146396B3DE4DC441694A7truetrue 23542300x800000000000000065116Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\msvcp120.dllMD5=8C8D1140787DA60A343DD11C1CDF4992,SHA256=6AA1ECE9DD340D05AEC43248592A78B70D21959DE8727F506D21A3A962348583,IMPHASH=D0A59246EAB41D54812CD63C2326E1F1truetrue 23542300x800000000000000065115Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\mfc140u.dllMD5=C6A732F23B907BC6D37982F47F4B4453,SHA256=C8DAB45709404E6607B21A641895C6B6953550780B2245C3792E64244A10DA8E,IMPHASH=D774F0CF6BA79D3B787D3AE2DC21DC54truetrue 23542300x800000000000000065114Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.814{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98F1D158E22185A2D34E4ED6DA286473,SHA256=EF337F6CC9DBF3DA80F8B6DEA0044CFE6BDE292C1BF88ABEF80C724BE79EEB03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065113Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.799{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\concrt140.dllMD5=EB42B164D603672E07997019BB00E4AD,SHA256=DABDB0732B2FC14040CEDBBFD369D9EB3C7A2E66B38A79892E1C05E6D6A8526D,IMPHASH=E29B9617328962A9B58721E88E2FD959truetrue 23542300x800000000000000065112Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.799{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVLP.exeMD5=A645B6805F82C01F96F4B80077E5987F,SHA256=BE74C36A88EAC6A09EF1699BF76E7018C0DFE5EAC87CC40C899B9675CD9CDCDC,IMPHASH=FDDF6DC1DEF389880C85DC5E71621AF9truetrue 23542300x800000000000000065111Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVDllSurrogate64.exeMD5=1F3D3966B470725B8A45368E2CF3602A,SHA256=F56A00EA456955E263D66988254CEA05D3CBF680A4692D9DEC27B728C59E8ABB,IMPHASH=352C20A26119468E29BA1F92D2DCD568truetrue 23542300x800000000000000065110Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\AppVDllSurrogate32.exeMD5=BB87D970CD29CC07A84A92E637ADD9A2,SHA256=A17CCEE308499360020E71EB305A5616D7B3163B02B20A26144355DC74E7F6CE,IMPHASH=907CF5B9C00C513E347B1BB4516C2816truetrue 23542300x800000000000000065109Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-utility-l1-1-0.dllMD5=F440DC5623419E013D07DD1FCD197156,SHA256=BBA068F29609630E8C6547F1E9219E11077426C4F1E4A93B712BFBA11A149358,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065108Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-time-l1-1-0.dllMD5=05AF3F787A38ED1974FF3BDA3D752E69,SHA256=F4163CBC464A82FCE47442447351265A287561C8D64ECC2F2F97F5E73BCB4347,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065107Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-string-l1-1-0.dllMD5=3A96F417129D6E26232DC64E8FEE89A0,SHA256=01E3C0AA24CE9F8D62753702DF5D7A827C390AF5E2B76D1F1A5B96C777FD1A4E,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065106Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-stdio-l1-1-0.dllMD5=53E23E326C11191A57DDF7ADA5AA3C17,SHA256=293C76A26FBC0C86DCF5906DD9D9DDC77A5609EA8C191E88BDC907C03B80A3A5,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065105Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-runtime-l1-1-0.dllMD5=C25321FE3A7244736383842A7C2C199F,SHA256=BF55134F17B93D8AC4D8159A952BEE17CB0C925F5256AA7F747C13E5F2D00661,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065104Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-process-l1-1-0.dllMD5=E18FD20E089CB2C2C58556575828BE36,SHA256=B06B2D8C944BFF73BD5A4AAD1CAD6A4D724633E7BD6C6B9E236E35A99B1D35F2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065103Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-private-l1-1-0.dllMD5=B4BE272187CB85E719DFB5BF48BB9B1B,SHA256=CCAF41E616B9A872D35C8083CBF8FDC14371FA3EF159FE699514643C26A4EBF3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065102Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-multibyte-l1-1-0.dllMD5=FF4DE9CE85C4B01312DF6E3CDD81B0FF,SHA256=D7E676B9F1E162957D0549AB0B91E2CD754643490B0654BF9A86AA1E77CB3C37,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065101Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-math-l1-1-0.dllMD5=877C5FF146078466FF4370F3C0F02100,SHA256=9B05A43FDC185497E8C2CEA3C6B9EB0D74327BD70913A298A6E8AF64514190E8,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065100Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-locale-l1-1-0.dllMD5=0D50A16C2B3EC10B4D4E80FFEB0C1074,SHA256=FAB41A942F623590402E4150A29D0F6F918EE096DBA1E8B320ADE3EC286C7475,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065099Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-heap-l1-1-0.dllMD5=5D409D47F9AEBD6015F7C71D526028C3,SHA256=7050043B0362C928AA63DD7800E5B123C775425EBA21A5C57CBC052EBC1B0BA2,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065098Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-filesystem-l1-1-0.dllMD5=D76F73BE5B6A2B5E2FA47BC39ECCDFE5,SHA256=6C86E40C956EB6A77313FA8DD9C46579C5421FA890043F724C004A66796D37A6,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065097Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-environment-l1-1-0.dllMD5=FE93C3825A95B48C27775664DC54CAE4,SHA256=C4ED8F65C5A0DBF325482A69AB9F8CBD8C97D6120B87CE90AC4CBA54AC7D377A,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065096Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-convert-l1-1-0.dllMD5=AFC20D2EF1F6042F34006D01BFE82777,SHA256=CD5256B2FB46DEAA440950E4A68466B2B0FF61F28888383094182561738D10A9,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065095Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-crt-conio-l1-1-0.dllMD5=E3D0F4E97F07033C1FEAF72362BBB367,SHA256=3067981026FAD83882F211BFE32210CE17F89C6A15916C13E62069E00D5A19E3,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065094Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-xstate-l2-1-0.dllMD5=42DC903598FF9D2BFB92D3F1F1563A92,SHA256=583BE047AA83CCE2E8950F5F550DABC5F7CB5957860316E3F409BFAFB10B963C,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065093Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-timezone-l1-1-0.dllMD5=BDD63EA2508C27B43E6D52B10DA16915,SHA256=7D4252AB1B79C5801B58A08CE16EFD3B30D8235733028E5823F3709BD0A98BCF,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065092Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-synch-l1-2-0.dllMD5=B9BC664A451424342A73A8B12918F88D,SHA256=0C5C4DFEA72595FB7AE410F8FA8DA983B53A83CE81AEA144FA20CAB613E641B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065091Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-processthreads-l1-1-1.dllMD5=247061D7C5542286AEDDADE76897F404,SHA256=CCB974C24DDFA7446278CA55FC8B236D0605D2CAAF273DB8390D1813FC70CD5B,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065090Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-localization-l1-2-0.dllMD5=6B4F2CA3EFCEB2C21E93F92CDC150A9D,SHA256=B39A515B9E48FC6589703D45E14DCEA2273A02D7FA6F2E1D17985C0228D32564,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065089Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-file-l2-1-0.dllMD5=ADB3471F89E47CD93B6854D629906809,SHA256=355633A84DB0816AB6A340A086FB41C65854C313BD08D427A17389C42A1E5B69,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065088Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.752{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\Client\api-ms-win-core-file-l1-2-0.dllMD5=19DF2B0F78DC3D8C470E836BAE85E1FF,SHA256=BD9E07BBC62CE82DBC30C23069A17FBFA17F1C26A9C19E50FE754D494E6CD0B1,IMPHASH=00000000000000000000000000000000truetrue 23542300x800000000000000065087Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AuthoredExtensions.16.xmlMD5=4876BF2C894105EF41AA0B6E14775900,SHA256=6F3AF2639897E6574A09A9CC73F3A58B9E935DA9B91A1403CAB40EC238120CF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065086Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifestLoc.16.en-us.xmlMD5=C9828B37D1010216A89F9D8845F417D9,SHA256=FBF2941DC4DD083D92D0FD845CD3492DFE3B1FC64BDF886BC7401FEF20D0C642,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065085Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.736{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.common.16.xmlMD5=3190C878A91696676E20401DCCF9BA35,SHA256=DBE145F95DBF06829D73C8FAF74AF9B243E1EE463D5676633929964A4692A130,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065084Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xmlMD5=638D22A1AAF4198A076056574D217304,SHA256=566E3FFDFBF7544D4FA96BAEA81898328A8E4425BE1D684E2BD443F5A22C1E56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065083Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.720{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xmlMD5=807AF192A6E7AC475B3BD18A649AB3F0,SHA256=3D2615F7A1EB9347E05835ACFDCDB3DF9ACAE825CE39DDE3ABB55AD36633048B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065082Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xmlMD5=CB9FB0E5C6DB9BF9C65B74028E0ACDC2,SHA256=CB243F60A0A16A6FA7C907CF75AF49E80F6539476FB59FEEA0566BB169FC4EBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065081Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xmlMD5=32BF4F2F9C41E39216F470BD4575EC05,SHA256=AE7315D4E84F696803EDB2E6A7A877096044D888FF0A2943CF0D14462D7FE7FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065080Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xmlMD5=F23D420D6DFC5FED4DAA0F93DA7BB288,SHA256=030EE516346C0E941C90708A2B30B8FA13E0752D5CD85AD857AABF3AE1FFE40B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065079Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xmlMD5=D94A45BB813C27EC3796035F69FAE65D,SHA256=9B02F1AE9ED90809CD5EC6CE654BA5E588CC4A25DBD237BB08552CB87E307633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065078Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xmlMD5=7BAB6B0A74189063D113068DD969D945,SHA256=14D6110163DD4EC617A26884171AA4142475C7180108BBBB483A3F96DCC73118,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065077Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xmlMD5=A96399C138FA7154CCBC86FEC34CEB43,SHA256=FDA2D3B21B8E5A302C3942DB0BE8BB9002266CD4B1B1AEAB42938238B60AA117,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065076Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xmlMD5=54D0A5E625E051090A33AD7170B34F07,SHA256=352D9E7BFFEE274C16EE6B8F7B4181821A04B9F9C86E3DFCAF5B0875486483A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065075Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.705{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xmlMD5=F51190CF9DD96C775C750F5C49801844,SHA256=562DCF37326669EEF82E8A36B1E2AEE7ED60C48A269BFE8753E290E89F52149E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065074Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xmlMD5=BDF3061687552D8777EB9D98DA537520,SHA256=6D91DF851B33BF56D1236CF2FD6F3EC39A8B4A0C56EBC36B9D9AF901735A4D40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065073Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xmlMD5=77824D471883A7221496F35C656A908E,SHA256=452F12C219FB2774C8E584B30270947C10DF60CC9A66869C532CC9C773E9BDDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065072Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xmlMD5=E95BE577AE362E6106B441CCF2E2E206,SHA256=42D5B65D6BBB8AC89BD564D19DC0A41F5E8BC638A1153B3A05ED614104FF2C38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065071Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xmlMD5=4DB36DC46E9A57CBADCEC98DBBCA5958,SHA256=C1062037F3D844577409D2098BB7173EA6A093BDE744ADBCAFB08F1A1189E38D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065070Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xmlMD5=25E9E014DC3321811652478F23BF2945,SHA256=6259642BFC43BA33DE49FA331CA967639AB5D643EDB10E618483A3ED89B4ED1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065069Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.689{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xmlMD5=97B8A8B7CE7CA267898FE22509A67B05,SHA256=7C31C77EB509C342DA3B5C487A066CEBCA55E85E26D1E0450F1FF2D6E71618EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065068Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xmlMD5=EF2D9B6A46182D25CC1216ACC7EA398E,SHA256=23160AB479C55771809B3C60D9082CB9946CD7EA9EED1B9ED00C61EB456CF982,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065067Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xmlMD5=3903374D860EF8E33358D3B5F2531BC7,SHA256=F2E5AB105B4CAD2BD078087B63B842A4F8ABE1ECDB87CCB184592D56457BC38E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065066Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xmlMD5=A1C5C129B5D92490CEDEF0C62CF26B94,SHA256=08EC684BBE0764713C9A0ABE666C6374299C311071305D57D47E00C453A178D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065065Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xmlMD5=C7B5BEC5962F3FCA1C3B6DE39F9E21B3,SHA256=1F07B20C06889FCE73494E5C97224A16DAD9468D6FB7C1565DAD898E0262D971,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065064Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xmlMD5=7A779C86FBC9FFA2E870AF193525A877,SHA256=7544EC93F182F1D0AC5D26A052E3137A97A6ECA42C354629B541126FBEC8F619,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065063Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xmlMD5=81FA49817E6DEDD4BB836EDC25CAE5B4,SHA256=DE5C7CD6344C62F3B6AF2B900C723D9A3C923F42452E4FFCA636244416B94E20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065062Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.674{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xmlMD5=7041EDFA441F7F8D427488D5C1DB416F,SHA256=B79B2C0F8318E03FBE84E62BD1CBB2EF3F19DC658C4BF2C2ABE00EA26B4285A0,IMPHASH=00000000000000000000000000000000falsetrue 354300x800000000000000065061Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:06.254{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-15386-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 354300x800000000000000065060Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:06.213{A7A01FEF-E386-607E-7B0A-00000000BB01}5904C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-339.attackrange.local57499-false10.0.1.12-8000- 354300x800000000000000065059Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:06.127{A7A01FEF-B626-607E-0F00-00000000BB01}1136C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse5.188.206.230-18117-false10.0.1.14win-dc-339.attackrange.local3389ms-wbt-server 23542300x800000000000000065058Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xmlMD5=128AEDC1BC0AD0A236566D215017CC44,SHA256=657DAF5E974CAD63D5CA9D23467584E6B53F127AB67460ADE4149181E45E42FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065057Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.658{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xmlMD5=857A583146B57B6E2C2B43362B5F1418,SHA256=49CE2401446882E572D2EFB31916D0CBD3886BA02664970923E5B5E4A7BE2D56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065056Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xmlMD5=CC6536DB1A420E039FA3891A01EE315E,SHA256=77A826ABAD4E7A8A7E7AC6E443EB29FA536010C1030F7965CA8F54EA4FF59078,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065055Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xmlMD5=B318F849A71CB1A1EAA1C8658FAA3921,SHA256=67C357821EF9C367B5E7CFB424D3774E837A4ECB78240C37FAD803337A6DB581,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065054Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.642{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xmlMD5=C2957EDE4DD65053FA84A76564B09D89,SHA256=B78D63E42EB125D8388948CBB2D4DFB978B5986E8168CFE8D73B7B5564480BF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065053Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xmlMD5=E2E4792F580A0B31AA20F0AC95797004,SHA256=F3C9513E6CEEEC85E65D87FFA1EBF0F4A677F84EC112B0611B8B2FBF4C4850C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065052Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xmlMD5=7DDC8B8C425A7E58D45D2CFD0FDC485A,SHA256=88702F0EF00A349BE036A5883796F55680E2C2718F21027E380F5C24CC799343,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065051Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.627{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xmlMD5=0BB0ED5CA6E2F074866FD37928E842C3,SHA256=CC93E037AF01991CA0550C64CFC05A4EF9D1681735918ADF3442ADF8CDE97C10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065050Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xmlMD5=B8C8BB53C390AD68A010E817BC0B561A,SHA256=90EE77CD171F83917E140D271DC4AED487A9AD5EB65C51934BDB5DD4C83BED7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065049Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.611{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xmlMD5=752D09D283D4959BE47163D04C60A438,SHA256=0DBC30CD8696CD9A2AAA8484C1EBDA1DA8EFD7E00A6798F94D75EEB13C26DED7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000065048Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:07.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\C2R32.dll2021-04-20 14:55:07.517 11241100x800000000000000065047Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:07.517{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\AppvIsvSubsystems32.dll2021-04-20 14:55:07.517 23542300x800000000000000065046Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:07.361{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=340AE7C086F23EF398A758C3A90B238D,SHA256=C5D696C9369C68E2105EF6D5D0C8E5BA0F53908B3FB5257C478B63229B78D8F0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x800000000000000065045Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:07.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll2021-04-20 14:55:07.330 11241100x800000000000000065044Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.localDLL2021-04-20 14:55:07.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvSubsystems64.dll2021-04-20 14:55:07.330 23542300x800000000000000049712Microsoft-Windows-Sysmon/Operationalwin-host-895.attackrange.local-2021-04-20 14:55:07.377{85C0FFC9-B869-607E-D200-00000000BB01}3944NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B873BCD3DA5C7DFAA3C8F9B8ECA83967,SHA256=DB574AB93BA09525E158F122F903BA6C00AB9494009B1929689C1623217E9006,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065791Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152606.WMFMD5=D36AB9748730A913ABE0FFD4C7224473,SHA256=CEE6E12E69AFE36ACA8F49CF05768D9CB8B901785553086576117B2504E9C933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065790Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152602.WMFMD5=744234A56AAC3AA45A0E53DC19642576,SHA256=9D45055A10A8EE92302A2FCDF471C875804D05A157C6C521B1889110B454EEC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065789Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152600.WMFMD5=C293548E46A9DB84F6FFD32DA9CC23D2,SHA256=824C9686A9D9CAAFA2A71CAFEE699C629E6B3E540625F833F3ED3CEF7AB20466,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065788Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152594.WMFMD5=A741BE115F7D132B5063D307A22314E4,SHA256=027921B0C09DE2B0FB3501A423B328C693AD34BBB5AA73237ECFA1DB9DCFE0F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065787Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152590.WMFMD5=27A537FC556D66111230458EDF534FF5,SHA256=063EBF2CB6D0DEC87262DA7FD68178FF5D3E208B68E0AE637A82C84A55879874,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065786Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152570.WMFMD5=AAAB2D0344E77CB111E788B4EE9322FC,SHA256=A6260E443EA28BE796B02CEEF88CE3201493935AB33560310C031F007E32D621,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065785Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152568.WMFMD5=4CACF667B4598C93B3A26B643C0A3D96,SHA256=36B3B651782CC23CF766CCFA04CD2AED977C7FDFBAE9C0518E2C0872C4389E1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065784Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152560.WMFMD5=A49DE5E78A8956DB5962A2B7D692E057,SHA256=831B94AE7B0C35C756F6DD805BB1987B9263CEC1B5EBE24FBEFF0D0FAF9C7692,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065783Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152558.WMFMD5=4D85D2AB71E00BA52A54DC3E3D6373A0,SHA256=4C68AEA800358EFC61F2782C45E6BE30B2C6D71264A2C0BF96EE9564631D48DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065782Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152556.WMFMD5=656971D8FC4F7E637FA63348B1CADA3A,SHA256=DB113746404433552DAAD435F507A867DC74EDA12D47ECF474BDB065823B5926,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065781Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152436.WMFMD5=AB33E4363D60FB79AB5A84D667D5A227,SHA256=46F6E5B59BAC71246DA17CCAAAFB62CBB0B2F1DC5296BCD653B3B3FF806D26F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065780Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152432.WMFMD5=A73C07E0CBE4190B33A5E9F2464B3893,SHA256=A06BABDA3CEC394C7AD44E689723CCCD06C2685E35549621994F1707ECBD9D5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065779Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.986{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152430.WMFMD5=9E4357B9AC6A874A8B3214FD2DF22D52,SHA256=96B0FA89CBAC57BD610730DB11A53E0826643E64372BF8BB8A0F4863A65B7F0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065778Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0152414.WMFMD5=32C408E70297121B24F6B63B3AB48753,SHA256=300A8F4CF8529DE4E6C67AFC5B4B2E84BC41E255CFC978AB317BAE8C9EDB7F4A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065777Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151581.WMFMD5=A7D34F6A36C6B68D96B427B95FE49CC3,SHA256=CB4696424AD1E7CFD3ADB31E8E49D4E3A237120AD6B4186EE04D823EE9679530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065776Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151073.WMFMD5=2A1A02EA230FB5A5B92E8773E96FCD81,SHA256=55054CAA6C5B71F351A8852D1A1F1BC06C95ED2BC6B9C41BF63D807545D66460,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065775Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151067.WMFMD5=62B7C9D25E9B4D3B5A3DD60CCEDA239F,SHA256=5FD8819AB41E8ED3676A6A5B02549F447F8F39D255812984770B2CCB9E18CEFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065774Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151063.WMFMD5=F94BB02392C9C939463328D8CF45FEB2,SHA256=D0E150C42D751809D05BDDC91B9E3B9287E6E7898C8C485FE106134CD55EDB90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065773Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151061.WMFMD5=121F6490E062B1E86BD4C9ECE5D92200,SHA256=50F5CF7DA0CE58F37A3F263BA6EE933985D1A5EB489AC0B97938728ACD690020,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065772Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151055.WMFMD5=AE710368F97C6FD66240E6F5A7CF346B,SHA256=AE06F8243DE414B4CDF56AB3D468A9334D5D79074666A9ED686F684252724025,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065771Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151047.WMFMD5=912308C3A4002C3C2014C2F56D05ADA5,SHA256=40941B9A78F403C204E9C1E299329AF7DBDB16E0ADFE8A8E3335E97388174606,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065770Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151045.WMFMD5=FF8DB1D3EF3ADCC70D81CB5AAF8303E5,SHA256=F337752B160F38F8D9552B9996CDB7A3C217DA975D9738710130D33286864922,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065769Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0151041.WMFMD5=914B229F1CAA0020010D0CBEEE636B0F,SHA256=019E01137DDC7A1E59659E41EC9EC3E4A2D47F6208EA61C157DA629AB206A290,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065768Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0150861.WMFMD5=5F4118DBDBA1821ABF618207E1D91722,SHA256=599C335B3DDC04EFA96DBED2452304AB41F16979E09E97C728A92F132CC066F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065767Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0150150.WMFMD5=9E468A49DF081866D5F5609CBF8E652A,SHA256=C1DCA03CF7A8A90F9BF43CA160B2C0E3A708014EAF188B00F18EE79D69B0AD4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065766Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0149118.JPGMD5=E2D4E57176F5A0B7BD65198D5A2703AE,SHA256=EC037BDAAA860F96C8CB5E0B7BDEE629F3035D29715B380592828B9AADCDB49A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065765Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.970{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0149018.JPGMD5=39DE0B970C66D5D5873F1D92DFC45303,SHA256=FAE1CAFC9BD8B5D3322D069E1ADEA6A60EF1F7B9561BE98B02FB20BB3B3598ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065764Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0148798.JPGMD5=576424F8A3B169660825AD9D0BF54874,SHA256=A66D1A667097DA70D1C16CAD3714097057389753E68DA3990937EE66575056D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065763Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0148757.JPGMD5=4983569052310E858F87F050D6989F1D,SHA256=6E39F33FB29EB4494E2450BF79256C693CD1B0E9B9B2ADACBB612C2665454BDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065762Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0148309.JPGMD5=D78C28D364EBF14EC7AC59FC889611B9,SHA256=7A5559B132543608783789421CF532D4ECF1C50B8F93171F9123D1AC08EBE783,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065761Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0146142.JPGMD5=4F0B544A16767212A0BC092EEFC71D68,SHA256=13B5A98C0A177F59D94513AA29F0D9F195C5D9B97106F383B915AB8B179B7954,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065760Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145904.JPGMD5=B9CDA8F7DCECD06829999223178E888F,SHA256=7EAF24B293849DCAC502AEDE4D11031EE3D261D15108EE7681F0014E42A76B8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065759Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145895.JPGMD5=D8FB0C3E52FC8ABC07D92869315A1C96,SHA256=4C53C3B52A160380564A892557DF3BE8DC35E58E00E0E5DCAAB856F2666C667C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065758Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145879.JPGMD5=C736386E2DE22409764E6C8BDFF42598,SHA256=9FB6D8D98E7399511F3EDD4B7609076345DF8ED67A1B1BC4EF3E9EF5D2EFF891,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065757Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145810.JPGMD5=1D6C738DF79B6E138005712E59C91B69,SHA256=248D3064DB5599FA9B6FCE515CE2F7CEC4B067875D6F5CB5AB3D1713DCBC64AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065756Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.955{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145707.JPGMD5=C57E8E779CADBE7EF05016F7D0AE1EA5,SHA256=831AAA6D335F9B60ACD69D14C6926A2B0052C771D27E5A06B83D366639F8F824,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065755Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145669.JPGMD5=21F7AC57587E01C238491E4018D6D95A,SHA256=B95B4A759F7643D60448E42AA3030D55483D3E36A024E090290A03C88EE2F982,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065754Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145373.JPGMD5=BD3E0A84DEE16BEFE59B284C06ED809C,SHA256=AA18B693F1036F1E949AF7FA6633007EC0FAC1F41B39FC3F3EBAE86EA178DD97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065753Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145361.JPGMD5=635C7388039D85D21472E1B722A0804B,SHA256=BD8CFEBB0A123D8E4AC65286B5BFE1E109348F23BDFE591EC7DA9D0D27A2BEA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065752Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145272.JPGMD5=D4651290F3C10101F5D0AAB4107C59CF,SHA256=2639F9199E85B2826664C1AC73F1F9396A33566D561FF71DCEC4918BF8B673B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065751Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145212.JPGMD5=7309E1C4E64FBFF3644FACC50235AFEF,SHA256=E66090839BFFCA5C6A41AB2EE2640A8403BA22D5EA5E1801245029E05403F1CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065750Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0145168.JPGMD5=F7CB23AB4FB811A05DAC70F33F24865A,SHA256=6B5BD05C1F89EA56520F146A1D71F25517A3FBA28452231F5822C480607EAD86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065749Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0144773.JPGMD5=E110C8258C3F6D5A9B71C145E96450CB,SHA256=8C806BCF7EC92B5E61B195AF7064AC491D9939BFA4F4E0B7A277E9ED53CFEED9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065748Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0136865.WMFMD5=944A919741C2850598E914E4C449A550,SHA256=DF1796D8FD8DAD61F83701BDD6DF0C34A28AF4C52F4D41262EB0EFFEAF48EE90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065747Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107750.WMFMD5=7718E46E7638AB1C3491DB5436A8621E,SHA256=E342137CA4875030413C9B2EA4F1E26BAC03935516B4234C7684480532ED064F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065746Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107748.WMFMD5=51909D91C9CA7CD7107EFB4B7702007F,SHA256=597BE7C78D434E21238C048948C495B7245439E4EDCFA94EEEEADB842F44A4A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065745Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107746.WMFMD5=2A6A18941C9503B11C7F7F1D98AFDF81,SHA256=6279D6316EE878208BE89D659F782EAE5730C8F8F2B3B9BCE32B34649583AEED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065744Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107744.WMFMD5=F0E69CD59D38D13F7C980679D2FDD647,SHA256=A43A6E0A987673209F158E090068189BFDB38CDE49244FBF55C4ABB492D0DFF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065743Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.939{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107742.WMFMD5=8B2AAF56F1ED91A682FF3BB05D8CD14D,SHA256=1B07CAF09CFC4589701FDA2AA87EDB5858C03C553346E84066C8D9C27898AEBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065742Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107734.WMFMD5=B12BA7D9CE663AD086610B3D262D6023,SHA256=6F0F252B740FD9110195C14E9ECF9A0E69C8E3E4385E6D4869F6C9C1A47F5430,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065741Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107730.WMFMD5=943775CA018342BB28868E6D6D037A7D,SHA256=5B237457B8E49AC8DC19CD14F1FA801614367832AFA45EE34E1223B0BE34DABE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065740Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107728.WMFMD5=819626ADB33AF8BE184A2E53FE704EB5,SHA256=8819CA9909774F8B463C4E7C1D501ED498E37293B4735D3AA50CE8FA8BAB0390,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065739Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107724.WMFMD5=DEE8311D355AB4937163A996B3C28407,SHA256=834BB2553C353A37C5A2DF9EE174722924872F86D42685D3CDF63C7F2F04AF95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065738Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107722.WMFMD5=00F974391410A8AD9CEC9FA481E3467B,SHA256=29537AC4E026FF3BB0BC5549C53EA42BDEE8149D946FAAD6BB593C2522C6CBB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065737Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107718.WMFMD5=C22612744F3008A71CD4342E35318390,SHA256=DE8645CB5C1BF82CCDAD34AAB593348AA73EFCFB84019D46E154B79FD021CB4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065736Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107712.WMFMD5=366205E100472ABC6C25A37B9D10D3BF,SHA256=7FE04D1FA5159DC4BCC5E9096414BBD9E379571F97C26A7DB1ADA254D6B68A29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065735Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107708.WMFMD5=08EE515815E8E98CBAA45735111B5127,SHA256=3CD46E00148E795889F9D57E493B92A567CF6F06DAA34C31401B93961F02FC19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065734Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107658.WMFMD5=8EC01AFA42AB29047BF12103776FDC1E,SHA256=47EE227352D9AF2BD19CDB81CEE5165012DFDFB2A15A0957ECBBE4A5AF7CC7F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065733Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107544.WMFMD5=C34CC6CE76E446CA00CCAEB23C72FB90,SHA256=D286BFD10FD8F50E50F4E622677646D25D9B3DD0F4F213A71694F1109893BDA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065732Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107528.WMFMD5=57741D53439E7F0F40A5BC3D9448E68B,SHA256=4A499A4420332B6E8BD26D29889A995E00B9D2BD4DE843ED0977C131DC3D61BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065731Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107526.WMFMD5=B45F0F600D9B58FBF79DE0B3BD428694,SHA256=B803415C94B1D86879E082641F8348CFD836E8229760FE9759A0EBB3926D58D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065730Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107516.WMFMD5=5D05874D64775301E36E9871985E62D5,SHA256=1BFF31C05CB2D963B81C06A77F167B1DE51E0F7D0D62C43DD055EA4BF59A0955,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065729Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107514.WMFMD5=9AEB86E0751AEB920E305609A4F2590F,SHA256=33EE907D02DB71DB8A2810B0FF0AB6D0973CD00C214115A3F021E89BE9340A4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065728Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107512.WMFMD5=7ABF18E3DA829D7665366CF1178A7842,SHA256=549B85D7C71423653B907C2E05B5B09DB6CDDE0B38FBD8204C6B2665EDC5F236,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065727Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.923{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107502.WMFMD5=364640992C3985078B3BB33BC7E73A54,SHA256=7CD0B11090616AFDE8612E87B3BDA0FF4A7F3E587E183BC26A027D51131454B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065726Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107500.WMFMD5=611B524C8ECA65B651DE57372ED3F020,SHA256=3189415AE1EBF74DEF913D35EB509C6D096901F77248504540854EBF5F07ACEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065725Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107496.WMFMD5=C2C95E46C58AFE035330BC060367AE5E,SHA256=A658FC64D16B2DD30B1D998EBC6A52162F8DF3E1F8B1A0BD6DADAA324D939F4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065724Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107494.WMFMD5=F6A7D6B2FFA4FA65F025BF1FE935C4C1,SHA256=A0DEF73986D8375981517A885A6362B96C8F3A3AC9FA9A7284FA494BA2977AA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065723Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107492.WMFMD5=A91355E087BAA1D8B192D13C67CD9E00,SHA256=3AD06ECBF1396936D0E722F49FE16DD49709AF131DD08B53F442EDE3124D2E22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065722Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107490.WMFMD5=EEDBD471F076F06C758A9B9AD3D6AA21,SHA256=3C219F0D0E27C87650024F73BE99BAE4A03D4D22C1D46989BF7ED71BD5EB732C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065721Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107488.WMFMD5=7AA7CA12AD3E5B81C8E23EAC0240ECA6,SHA256=20147ED9A011CEF852F34F03ABCE09E66C4280A39EC450BE0BE54F8E83E50D5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065720Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107484.WMFMD5=5493FCFC07BCD6C9B6CBB8E69B4BF815,SHA256=510FAADC1A27B2406B6BA1A95A72000F3042EB334A4E3FF27EF85BE2475ED3F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065719Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107482.WMFMD5=1AD7CEB062BE8D3C514C7C50DB9E1F9A,SHA256=14D57FD09BD59BEF6278D9EDC9945E5E472BB7D6B03EB71617BEB5BFC39BF44B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065718Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107480.WMFMD5=FB4DC96DD72ED9F4EB2943C545697A60,SHA256=22CEA334C10AB880A7FD3A7866EBC9230B8C878B258B10C3CF8CF862553326D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065717Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107468.WMFMD5=D3DFD3C575BE9E56DFDE31BCABFAE58B,SHA256=D858ADB263629BC9359308D00CF5371496B2EBAE34873AA8C18C8E2C5FE9FBDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065716Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107458.WMFMD5=DBB87736AC526077161B495A50811024,SHA256=DC81D35CD59172924ED5266604FCA9514D97A49D27F74B0F26BA479820299194,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065715Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107456.WMFMD5=38DEE77861C05A84D6DCA078F3B5CAD3,SHA256=A0E03AB955F68425EACDCD7D8F506657044694ECC2E4BAC4278077D0F158DF70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065714Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107452.WMFMD5=1BBE451120213E9AB17015F51E0D51DC,SHA256=1D9220FD74E62A59690E7C9735BAEC519B245406788AAEE8A03D2014E32C79B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065713Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107450.WMFMD5=7D190466EA5675C118746FD5E5603954,SHA256=20CDE6BC38A8AFF5500D6B94E407D19D8A0AC308FBFCCEBE5A4D69AD95D8C9C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065712Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107446.WMFMD5=0049331B678C2C117C707BCB881ACCF2,SHA256=B4C43BEE779FAD570898415AB61B94805F6C00F98BB4A24DAA39C0917ABD5495,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065711Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.908{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107426.WMFMD5=318A83433540BBF81264371CB51F12F4,SHA256=0A3CA95E82551E68C2C4BF011AEB9852452BCC978D89843CFEE6110F9DEF7751,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065710Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107364.WMFMD5=4CA455BD6D13A7FB2E025813DF3D9DF1,SHA256=33460C2FA73F0BEDCB9D560B8D099CCE0511399E5B61A5379753F189DDE00949,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065709Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107358.WMFMD5=3B1D212906AB1C51EB5C7A131EF91B41,SHA256=831E2EF30A6E620C85283CD20305BC445D3CD4EECF9BD7489BA2D401FC1FA9F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065708Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107350.WMFMD5=B30B4CAE9D5CC7C9EE8943D987E6037C,SHA256=F38D4F6D5A3CCDEB8A5840308432E6FF815A33FE5897E90B87F147100DDB39FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065707Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107344.WMFMD5=77C43E201603BC030A944BD6FCC42B21,SHA256=746132F6A4D334C745AE3DE80E0BB40700D0D0CD30F6FD9116A01A22BFE8FD0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065706Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107342.WMFMD5=B01BEAD21B7E20F8D10425E5AC994C67,SHA256=2232774657214802A545B42440A346F49918D8F30EE750E76AE4474478731AA4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065705Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107328.WMFMD5=2593353C75AF6848DE8617ED1EEC992F,SHA256=8669572A1DF74737A59DDC90DEE7C17065D5828819F5B84AEA9184906088C691,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065704Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107316.WMFMD5=8F481576CAB51EAB9E0B403E0D6C8B2B,SHA256=9C4A8C1B6EB6BD35131C1356AD5D86845A98E4C8D98EBFD94E6A62F03352D777,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065703Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107314.WMFMD5=73F1A5C5D982E8EE2C74A64DBC41FBED,SHA256=D6CDFFEE68858179383E2EDABCF721F35CE1E33F3684E6E1B6FBBE42AE6C2FB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065702Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107308.WMFMD5=041F9284A3F9BF1427FF0EF8EF762DB2,SHA256=0750A9531F5B78955AD649A9270746D2C4FBE038271C586199842DE8AC82E67E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065701Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107302.WMFMD5=FA00557D51586714D7CF453C3A352ECC,SHA256=5E7C9564023044425A45100B61C767C7F9C4BF82AFF5E7DF53EA541356EE223B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065700Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107300.WMFMD5=1B68B373C07352AD7CEDA5C419E9E076,SHA256=13E80C7A17A285B7824EB5F522FF701735E51F5020D14AF07AD15AAD62EA7A12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065699Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107290.WMFMD5=E52B3EF5263BA323CD19F35DDEC7353C,SHA256=84FB66F62085A4D0FAF4EECA796C681A0E596FCB8171864C27883C804539834B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065698Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107288.WMFMD5=BD4ECA4AB9BD290854238034731A1BDE,SHA256=8F00960F90DF59F5F16F6EDF5CD78237EA102DAECC1514E7526CC6428576C241,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065697Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107282.WMFMD5=6DAE07F8CA485D215572DC61255D1174,SHA256=835938D00F054D1ABC2F26F66FC4DF95423B80C68012F1304A2B2C1247EE1C24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065696Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.892{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107280.WMFMD5=D094762BAEF1E379F29C9A62D233D1CB,SHA256=C69132474C2C0C0C4DDDA5969206B2FADFBB66E87F6401829CA993D31D82B83E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065695Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107266.WMFMD5=F225EEB3067F0617570A69BA1EE47FCC,SHA256=37712DC05421442BA1ACCACA2F9C2C9AECC3F1F12A7F97292F0B9A8E70B673F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065694Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107264.WMFMD5=F2B77777301AFE4E26DA77F492935337,SHA256=829A02CC6D9A93F5A0BBD146A8F7A7CD22978DBEC0C226BC5A056A6358A8D74F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065693Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107262.WMFMD5=D94A0C98EA2C4EFDCC6EE7F61146B821,SHA256=3B1F10F6F4707EBB6F88013DA0456774766E83ABC70E06B869685FD59E0CE5CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065692Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107258.WMFMD5=06D78413B1F2D78F5E3791804132AE1C,SHA256=CDD5040B84E3D3292442E36B5248C20F97DF33F88C42F020E0B67F2D697A6F36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065691Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107254.WMFMD5=17679B587243322A5438116493551B4C,SHA256=839444B8A0F2D71C3BAFA59776894C987D9E8404C0B52CEF65CD3F86ED35FF54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065690Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107192.WMFMD5=35245B106CB92CFD66AFE08AC2DA1E77,SHA256=392F4C2DFFC09E93150734BDB21C769B88FCC4060272D1B825D7033B2855BD9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065689Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107188.WMFMD5=1ACF0D5CB16037E046BFF2114BE41B43,SHA256=A45E360DF53799CD3B0224E4E448B176CF97447FDF8998CF9539C8139181B557,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065688Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107182.WMFMD5=D1A3501D02DFA12E0EE188510CB18303,SHA256=BD78457FE4253F11731E04546FF152FB40F72A0B5BD87F77707C98B240A3DCE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065687Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107158.WMFMD5=E7FCF3CD2341BA1EE121E0338D828401,SHA256=D65D5CE2F23BD06ED1D9AFDC9FE0A0D8F415D1E5F14BE216FDBE974B853ADD34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065686Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107154.WMFMD5=D83DC9F78B38253CE0E73A8E0A86A65F,SHA256=9476A1F49D1F7DF37B48A0B0C40FC6557A284A4D5835D37240E2B1D7BD0E9C03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065685Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107152.WMFMD5=AC1331EEC5484B7DB4EC5E352E49563A,SHA256=542675FFBC864E779C75FD5CAAAD0B40E4FD3254CBAF212ECF8C8A8048B7FBE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065684Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107150.WMFMD5=2992CBF5817D5391553AB1FEF43E4912,SHA256=C454D4EBC9F6F79A38D71D182600B0A20A9125F479707773F193A2ADC279F82D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065683Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107148.WMFMD5=CAFD94202BFD3A667DEE639A30698C38,SHA256=1E87F8318C4DCDFE68E0D029F5F9E170877175E76707CE2614E985E6F10C0273,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065682Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.877{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107146.WMFMD5=83673DE26BF4172F86A6FB0890C37F2A,SHA256=84A734E306FAF290DF94B91C796EBFD0139A21BFA89F61B0F6804F34970B991C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065681Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107138.WMFMD5=6BF8389BEFBDEC0C03E66EB756DEDB33,SHA256=85F8B3C4F1607D856BDA9A1CB1BF865A260704441A630DDDA91ADA4CA05B0BEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065680Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107134.WMFMD5=A2E03F1BD23B96CD7B26B0BC22B46B48,SHA256=82D4BC4008E5A2D49284D61FDA2580794C781ED7E3ECCD92BF28AFCC4A9B9058,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065679Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107132.WMFMD5=356C043D204FF7D1E08099061535B6BF,SHA256=54A4260A5413DCEF1554173A7202D8C0FD6506B42713381DD018D5A1E830B883,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065678Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107130.WMFMD5=988CDA7140299372FEA7BB8E3D7CF43E,SHA256=92EA912359B4A07EB342E85D6F40393E4F8E6837CCBDA3196EB812C1A5EDE687,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065677Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107090.WMFMD5=5BC07D3228DC622E76C70F5017722224,SHA256=1EF3DB9939BE5A270B1826544502C4D6FBE2A7E3415C1580EFAD1EFB6687C36D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065676Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107042.WMFMD5=7DEACE4E95A43FDE57408B22B43F5E4E,SHA256=6EBBF393AFA4CD94A85F56298DBD4552B695ACEA6FCDBC62F82F68E208EA4563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065675Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107026.WMFMD5=F366BF52755CB76DAF93FDE082F0F0E8,SHA256=179D89682FCC2823237232DA2529EF53F1294D43A5E8D78E41E741EDFD244404,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065674Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0107024.WMFMD5=CE7DB2DC022D2FD2FB6D3723CAF9858A,SHA256=A5EFDAA63E1BBAE94AA850B9006A4771AC34A47D9D7E7087FD09319815C71ACB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065673Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106958.WMFMD5=9CDB1D1C4CB6A6DB454F4AC30B4A63E0,SHA256=94D8E49F7C4C0DEC64C14B6FA4369D58B177EA030D7BAF7FA87AC2E543203FC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065672Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106816.WMFMD5=C9499523E37530DAA8C8712A43123180,SHA256=D9151DABBC528DA69807C83CE2D9FF3EE5ECA0710F34706F7C98F28BE27251DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065671Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106572.WMFMD5=578925099E09C5B35CC8BEE509A53852,SHA256=74D010E2BA2963AB521CFDFADCAB7673622CB4E772550E8BE4A1C0C2BE1DA1E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065670Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106222.WMFMD5=054F32AC8EFA5945695F755E0E01CB09,SHA256=13106A255856C81B0C3AD7F7D8E18614860D813083660557A4E1303117081695,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065669Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106208.WMFMD5=AB2B9BE252CE5F4F9122937A5796384B,SHA256=66BC0CDE2F1064B73953C39F2B6032EA06769845FBDF561301EECE326E3FE1E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065668Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.861{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106146.WMFMD5=497C90AB3F1833B5EECC47CC282C05C3,SHA256=C9C636B7D336C41E264D75498CB10D2E0F7C99ABB90C30491FAF6E5949884FEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065667Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106124.WMFMD5=87CED83CFE30978738A07FC0F210824C,SHA256=B5D066CD1FF035A196611006CC2D4C2DCC639E4C2B9067335ED8F318914E5E89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065666Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0106020.WMFMD5=3F3A61B3CC0CDCF2BFBD1DB085F1E901,SHA256=9BD06E0678F80027B9DCFAD6862D597328B2A0F6DE042406382AE682ACCCCC66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065665Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105974.WMFMD5=9DF07C0FF0C02B9D40917F93903C4BDB,SHA256=A6E1C9B47320488AC544EEEC830CA4445E59A7611226CF8B2FF522F911D31EBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065664Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105912.WMFMD5=5C0CC3C0AC66C3CF4CF3F86E190067B6,SHA256=7923E9EFB490C182F4100AD0A5273A1F346A60127CABDEE8F863DACBD06BB53B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065663Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105846.WMFMD5=BB8CD0D3ADCDF6B8F9F2BC849E8E0DF9,SHA256=A3458FCC0FA035B539D88F456A6A8A28C9390C8565A0E96C886E43847B642EC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065662Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105710.WMFMD5=45F12CAFD879C17BE18256E150F08417,SHA256=67260535E310FF32BA935D3313EBDB6293FADAA38AA4BACDE72E590D752A6711,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065661Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105638.WMFMD5=0DAEF4C4F141344A3528BD582CB3F4D4,SHA256=FBF503B811AD1E2D3A0CBE039E18E193DFFF0B5094FBA135306814AC4ACD3D16,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065660Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105600.WMFMD5=C7C6BCCE332D4B57E031EC6B6B772F0D,SHA256=92EBDDE2887D7589BF1285AE76B3BC7314B10A2C0DC499F2DD4B1052D877A900,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065659Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105588.WMFMD5=8BB300CF21CD95146916EB45FA967A3B,SHA256=63D275FE5D5D1AEEE3D61662C489438F7D61E497B572FD6C407DF1E204F9502E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065658Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105530.WMFMD5=00E1AD007BB2C31C4318D2756FAAFC7B,SHA256=81D050AF99C7949AD181708B6FB31E24BD55E4FD8F31BF2F83C7B95F54FEEC5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065657Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105526.WMFMD5=36B19501DA5BE786CEC262EB5D07D9D3,SHA256=5166D94E5F3DACF703031E4E02478775BDDB817F9AD30CA0A03763EE819A21C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065656Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105520.WMFMD5=41FCF5A113BB5366A89270128A07D144,SHA256=E8B7F0E849134B38A4BB949682DDA7D427A5687B9DB21403DDC5FDB065BD7C27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065655Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105506.WMFMD5=507E8D3B91579751D96AB2BA4E49E978,SHA256=CBB6D15105E730FA0B686EFC4529362DF3753CE108B650971B3E09EE77E61D22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065654Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105504.WMFMD5=C1A8877646FC290D81BDB5B290E73BC1,SHA256=AE7420D5B055ED8BC60AE365107B5A0E900FF5FB7A57F73CBD2EA3CF80D3F6C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065653Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.845{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105502.WMFMD5=8E378EE3A10A4DA2D0C5A49F22E07145,SHA256=CD65CFD3D4D83A9DAF9B1021CD9B4603BD4312D56AF53FF2DAE74417C5CD5DD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065652Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105496.WMFMD5=DA8006AAD13BDFE8304446F579FC41EE,SHA256=2B7A193FE69B69A6B26831BD1AF1415690EFF6B5C01106B4A585ED227208CD4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065651Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105490.WMFMD5=EC168C0B19FF733AF7B5AAD07570F20C,SHA256=735354FEF0390124268E020B25A6B626AAA8CDE7EDA5E79F2A97CDAD668AFD6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065650Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105414.WMFMD5=8F2EB8F37F2E05F210ECF645EAB328CB,SHA256=1B5A06B342C49C583A64A100EE47B269672C7F44E98B9693D88EB9C478C8C8EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065649Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105412.WMFMD5=4709D5EA8D981C73BF8C126C4DCC53A3,SHA256=327A1EB2B240B3D1A1D04E845A0EF4970C2B3234F15E9B8C0628DF545401430B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065648Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105410.WMFMD5=4FB0FD3E8581B1FE2576D195FEB28BC8,SHA256=53FED022842F0524A0516597FA45E1238D25CC6A0CF491BBEEA2EAFAD32244EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065647Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105398.WMFMD5=472687ACB19666CBF38EC5DDFB918285,SHA256=1B050DDA2D67A9D55C0C1AC73897F2DDC5861BF017A55F1D1C1FDEA42BE2C4B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065646Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105396.WMFMD5=084C830EE7330EF503027F967FBC2525,SHA256=29D2E1B9BCED3C63039014B58200B836418C156DCDC868BD8B3D5FF61F7C7788,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065645Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105390.WMFMD5=ADF471D7B868F5B0C51B8277069A486C,SHA256=D597C66DDDD84525C80F5B1BC72490B9FC36590927D08ABFA6853E1ABBB8AB98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065644Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105388.WMFMD5=0AA34BA8A4B5386BFA38BCEF2AE9EDA5,SHA256=B65645593A47D3F66BE438FAF696D13F5EDCE96B80F3615315028630BC5A244A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065643Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105386.WMFMD5=B8D392C770B3B8AFE9DEF383029FB458,SHA256=E8A3D3B5C3741E36D90589A6F1D36D94B8491EFD6C03BACB89DC1C1A0C1B31C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065642Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105384.WMFMD5=470963083B788679DDCD965D608D33F2,SHA256=2FC19E18044F0306BED067CAFA8C5032A89EE8FA680616F973AE8B8B7B10E0F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065641Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105380.WMFMD5=60C63521C10CD2548A89D9318AA159FF,SHA256=F1067A8D89599432600153FF385430A189B8832BCC4773F186F5580149E360C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065640Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105378.WMFMD5=429750F9992A1254227A4FC45E5ED178,SHA256=18958D2BDBED5F523D02FA49D2F27EB7E1B3770F8E31E99D66C69D58F080BD63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065639Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105376.WMFMD5=9FE4717914C3C54BF1A493603730BE57,SHA256=7D70FC6095656580EBB674767F0145BD9B9AB35207CBA05A3520195836AD6CBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065638Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105368.WMFMD5=A94D1FB017F697AC6419E9F46F08F90F,SHA256=D3E4219BA1F9FAC56B93E50CFAB17C6C3066DCBC0AED4745387DE27D17B5C162,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065637Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.830{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105360.WMFMD5=65838BD6CE7F43D729A3A6944616321D,SHA256=A8A884387D636CBE0D3E07F47AEBC4F7EF75732757BC2D95616567AF40AA9407,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065636Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105348.WMFMD5=CFA5677F0C76D80296FA2E888EF7A028,SHA256=82E0F1747EEE528B4B4A71C7C04782FFA2C2B0078440AE9FEF377D043A75BBA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065635Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105338.WMFMD5=593CCFC7E0E754AC4B370674B39FC90A,SHA256=77C02035EE0F152EA02FBFDD576A938D37219D822BAD59854677A7794DFAB60E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065634Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105336.WMFMD5=9B0DB92D6CFA04B5F95624653B559095,SHA256=5E6E2B8BA1FBAC744A7105B4A5B6A951793624820ADF87186DEBDB39A979675D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065633Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105332.WMFMD5=05FB46A24744D28D52481CF38FDBE5C5,SHA256=7BD8A7D3AA0C71AFE319100040B8D9484CD12C17B396F9BB0D308EF8B0B2E8D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065632Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105328.WMFMD5=A0C25AF28719C99B4F53F1E94B74446F,SHA256=75534AFD9EC34D02E766A2DB370D09936E4A56A7576D327D25FBFBFCFF16C60C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065631Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105320.WMFMD5=1DBCAF6EC556BB7ACEA0170C096190AF,SHA256=E6EAE6B27F40C72CB26F937937953AF3592F243C2E872E300558D4D1EDB04829,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065630Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105306.WMFMD5=13A5F66AE7D4F9DF0953F1B0A0CCAA79,SHA256=6BF9FC089AA2C554D001F0EFF7247A9F133A4C574B9EA70B3E2119F4521AE5B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065629Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105298.WMFMD5=622A3706C973A6CF080AE181C600F67A,SHA256=70AE41B34BB27D613C0F803DA2F470B96EE5E353CE20FDC7C727A9FB03C38D87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065628Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105294.WMFMD5=DA844361E239E0A5770D2E37E5A2448F,SHA256=972611FA78DE7515CFEB98ECFE409B48D96B1EE5045707926EB4C2E212922A9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065627Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105292.WMFMD5=120967E98FF095A62B10A1D6F7B902A0,SHA256=C01647B5E79F83BA08E9B015209DE5671862CF172DC750A5357BB4853C5981EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065626Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105288.WMFMD5=F963B0BEFDD25AA5EDAEF61EEDB88669,SHA256=3FDC24DA587DB826776BF7A9BE5AB670DDBDB8A7A7EA31919925EDBE6F8A64EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065625Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105286.WMFMD5=F423ED2FC09B3D2E337244D3A42F49CD,SHA256=497603F27B9903A31625D6267300AE19D3AE3DF181A366D84D765E8D79C5E257,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065624Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105282.WMFMD5=D5FD5F292CA212CD8533A064CB4FB881,SHA256=FC296118C1D39C3BAA60C9E73886D43A9CC0FC22196345B90F2F58A805D30AA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065623Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105280.WMFMD5=A05A55A5C88D2627A59184A1E96A4DC6,SHA256=99D06584F75D113A2D970C9320DEEB3A0CB335414C038ECA9B97D6CD40ADEF66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065622Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.814{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105276.WMFMD5=D6C811D6806433228585024B7A9BB002,SHA256=9B926438B7AF049D31EF5B9404F588AAD942A5FB0D55BE4E2902422FFD479A66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065621Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105272.WMFMD5=F81D30A5287CE6BAA3B26BC7441E1C39,SHA256=CFF43CA24B9B6E7A7EC79DB155FC607108D7819012EEFFC4C5F122FBBCE27FE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065620Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105266.WMFMD5=ACA4222C623138E4E659F03F403314CF,SHA256=7EBF4954F49C30C15BBA53CC706B70DC747947A6D399CB49221C30D48F1D70AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065619Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105250.WMFMD5=93CEBE7AF61FB4FE512C43B281B2FB4E,SHA256=395DB4696C5C287979BC9E0CC3FAFEB2ECC20E93F5E8479F01B7BA8D618A2705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065618Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105246.WMFMD5=A0DE85AD71B087B75E7D593ED1CFAD72,SHA256=4C842A41C85FE36C3DDCED2EC3CC1A7C49B8A37CED1A438E8638F72A28D22858,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065617Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105244.WMFMD5=AB02F354DBFC959044A53A3D7C755025,SHA256=95CBDDDCB6AB52F877E34C65879F2C3D619250000CCAA7BA77FB732A43FEB8FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065616Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105240.WMFMD5=E444FE3C8C28B819318BB6554B7D4F15,SHA256=51DDA91D6F32A2A35D1354B0AD197F626812ABE2B6F2C3758403CC3DF762B75C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065615Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105238.WMFMD5=AEA4E94E04CE4943D6838A5CEB2EA2EB,SHA256=C03C2671ECD5BC0F60DFA9E3227BDD08D6FBA8E61E60A287FF93806769BBFC7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065614Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105234.WMFMD5=D203788E263CFCF8680A7BBCAC861D3F,SHA256=FF2F06F3C9AC0887828D382F9C28044D6DA782B86EE4CFCB5EC3AEA69BF1BC07,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065613Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105232.WMFMD5=1E833C4B45A26D3D8A83C99676BCF7ED,SHA256=31E67B41D147234192069BBF039D824284097E31871BCB81A29E9899AA9697A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065612Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0105230.WMFMD5=D2204742E7BC7879DF1508D2DCA1CF78,SHA256=C89804FDD62A2008515EFBD34D3F2C59C46C2B6C9090D97B88DDE0ECF18AB4DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065611Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0103850.WMFMD5=0DDD8B7D8E495990878699E670AE0980,SHA256=C6756530608B84B31559B966A4A5A272C51494BA149A1C69742D990475A761BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065610Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0103812.WMFMD5=D76616113168AA6B118CD9DE2263C766,SHA256=4FA9F6C33FE41B236E68FC35D5D7952F42A9796FB3C420699D8D84A311A2A514,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065609Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0103402.WMFMD5=56DE5E80F8B295189B17397554133543,SHA256=B1710AA27FE6CE1703F35036A0F840CBE5885A60A814E64D69F399CDC1164C44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065608Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0103262.WMFMD5=2B8120EC67CEA5278DB1D0F559F7F168,SHA256=EF4B4F54D046B537B60278870BC386869007D76F39D03DA527CFFFDBE389243F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065607Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.798{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0103058.WMFMD5=C98B1CD4D0D59608207B55CFC3568902,SHA256=63C6F73F890B8A5C9150169AC4BCE78F6F0DB848895E05309DDA76CBB083123A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065606Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0102984.WMFMD5=4042321CBE21358A171449C480B56501,SHA256=BF9507C52550D48D6333CA629A0466555DEE48E9ACD6DA668A5E101417A481D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065605Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0102762.WMFMD5=E0147252856208E667A0E88CD5D78F6C,SHA256=FA7E0DA3ACED4D60D8DFBC5459231854AC4F037FD885B2EED7511D31D6F462F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065604Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0102594.WMFMD5=FD56FFD58A93EC30F8C91A21A9F7EB95,SHA256=942C66DA24895505391FB86E0D591F22AFF2D60367AE8AFD0563925639940C11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065603Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0102002.WMFMD5=F7D5C3F699C613C725689DCBF863A773,SHA256=F9149AC580C60508F11AB86C396FFD067F21CEF2DE47BF45C7AB13B244619618,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065602Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101980.WMFMD5=21AB736FD3A8980E9AC3289CECABB3CD,SHA256=6ECDD5CB9C315169C087429CDFAC442BDFEE8431F26C3A1F7585C3C4D4E60AF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065601Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101867.BMPMD5=5969BB97758418BC85337E8813A25790,SHA256=9407C653E6574D60859AA595DF06CBA4A252BB3F256293B9D5C038F3E6E86D18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065600Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101866.BMPMD5=ADE36BE922177A374E6F9C0B3796C03A,SHA256=5F839B9FAC49331D3F7007392C3C30ACF90D9E546BB960F4E8F8F39D80D248E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065599Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101865.BMPMD5=478E7ACFE54D464D33913452FDA8100A,SHA256=EAF744F6E89141D1CA6215BBD46265DBB0A904E78165FE373A1C2B979C26A76C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065598Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101864.BMPMD5=967C5ACB8C48860BB927BBC3D59D4BF4,SHA256=1A22FC2BD37BBE4344CC99428D9095E111C70328621036894620EF516B033F27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065597Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.783{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101863.BMPMD5=906029909273F696C5AE274C1910654F,SHA256=CF5FE1B9631B6CDE174C57B4A2D9F8E7922916CCED95DA336B1B37B716CABA7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065596Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101862.BMPMD5=391DE3BF5FF50FE8BE74E9D5869256D7,SHA256=43836A8E069E998A2963AEB70A9E791798BE3C84F28F97B2CB09977C5C1D7F14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065595Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.767{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101861.BMPMD5=78990098B71358C48929D92ED0A1218D,SHA256=616CEF9B2B2C82C4D7E20FD8A495BEC6C259072DBB9F845CEF41693043B5387F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065594Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101860.BMPMD5=74737E6E2DBD946231CA66A171A793D1,SHA256=6C2671EF15A2F31695B858D2E634C2F1A6BFEB6673A187D2C1498EFEA52FEDD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065593Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.455{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101859.BMPMD5=65148E78C17B18569CD15DE69C9E60F2,SHA256=286E6978143774E81A2DB46C945FCBD9CA548DB9F8108A7D35D412AEAD8FE8CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065592Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101858.BMPMD5=72EC91EE27347B9B4D93DC0AF16D54B8,SHA256=AE217780686EA47991C7301D37450A2D6D9C45D1012D605A298EA78300DE91E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065591Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.439{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101857.BMPMD5=974953D10663B442D766E90CE8D8CAFA,SHA256=2E77E2F1888BEC48B77BBCE80259A1CF4C5789840835FB57555ACE2C77098FEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065590Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0101856.BMPMD5=C9C4D3013A30D8A44B990664BEF89821,SHA256=49EB09953AA29B7DFF1E3B466B31B68DFF84532ED66143450C51CAF2104A5530,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065589Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099205.WMFMD5=89ED7F99A2CB9B2F812ECE8886096D13,SHA256=72742EDA22BABBC079E9AD07511D8BA3FC0D215D6948A01A1850C38169F80021,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065588Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099204.WMFMD5=162392D7724094C46CB5D29CE47B2A3F,SHA256=0337709628225CAC2E9F10EFC2CDD796A79BE6F075756158D86383C34A978526,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065587Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099203.GIFMD5=42B8BB781EB1DCC9191EC1C95FA8B454,SHA256=08B2AF562C2527C78E04978F1452AF871D19A9A7E28DD5978654E9733F68DE23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065586Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099202.GIFMD5=1D54B7277F9856AFEA89547A5065B96D,SHA256=8AFB7FCC4E788DBDE3494FF4E1343ACA018283105569BD6A8F0459E2118C89DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065585Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099201.GIFMD5=AF05D4D4911B97D358EA8DACD0A32BC9,SHA256=B119040094E00C99C34166C22963A6E6CBC010B2D517BE935FF779C0E0B03110,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065584Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099200.GIFMD5=5F397786C72AF73BB07993B1814D56FD,SHA256=A808FE7009EAEAAC800FBF8BBAD568A9C5EA3D25D9775981171DA3663C1BC2C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065583Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099199.GIFMD5=CCB6733B2B37BF04B8B49553C447346E,SHA256=4E8AFF691777B10CA1433F867002FEFC677CF3016CBD3498F437AF71104B2E36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065582Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099198.GIFMD5=DEE57689F8FA76BD1688A67ECA26485B,SHA256=B8635A1EBD59E71C0D3B88A972AD07D4646CAC8025730D4D5E7F125CE625A264,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065581Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099197.GIFMD5=5A2C5F32985171CE1F5B5068B9044F03,SHA256=E6EFDA472AF8678BBCA3AA272650AE1DA89AFF148521B05D73EF1AAE5D6D0384,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065580Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099196.GIFMD5=AB2F28FA554F60A685B46980470290CE,SHA256=F7B354D26F093FF4E32A5A41BBFE36E855BAD2C925AEECCC3DE30EBC1599E993,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065579Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.408{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099195.GIFMD5=A882B3860978598A64502FD5E4167D22,SHA256=FBC7BC1F87E4EB95D49337B55AD61B1FA60B3C431C6B564AAABC5DBD0ACDF667,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065578Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099194.GIFMD5=A3E75EC499FC10BB64F31AB67EFBD103,SHA256=0A58E226AF4738303DE7335343DD3882E65F720A95548429E26F208B62E0ED73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065577Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099193.GIFMD5=F5E8E2020CD6315EC03C45D1A93A2FE3,SHA256=49E82B2521CEDE2041A681929F7EC4004FF15246627C0ED2EAED4B767E9AE1CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065576Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099192.GIFMD5=3C31ABC4D2FE5B18827F6EFCCE82A1EF,SHA256=1395BADEF1FAA1DBFD44972A6BCBF63A6089F1645E314BAB7A525FC425AE710C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065575Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099191.JPGMD5=C98BCA175E1767127C37906DA018863D,SHA256=F59540FBC069F1D7A35470E94C68BB71E294D9293B4DBC9A05DA70A4D762325A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065574Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099190.JPGMD5=409A2534F17BC2267E2BB81462845B75,SHA256=972AECCED97B2BE87950E0E2D5F53CEB2B052E9C0FEB5EC9514277E9B6BA53F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065573Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099189.JPGMD5=8EB61C9779A7847AA75D1C966A46DCDB,SHA256=08A82BCE8618EE162135623EAD1B17437136AD10C994FDEB4C72884582B14B9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065572Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099188.JPGMD5=FF028051D2BA65344280F2422A76599A,SHA256=A97EBF9BDAB755E700A14347BBB9641C0BCF4DF7EE63D0889D45C3FD6A6D45D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065571Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099187.JPGMD5=E46A4BEE53AD6465BD1506A904C1DAB7,SHA256=AED37F8BB12227D1E0FAE9C618EE96000735CC16B61F12501C84CCBF48ABB837,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065570Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099186.JPGMD5=7B1E142606D2F760DDA1B39FEAEF2ED0,SHA256=162836DF23EB6C625AFD0C56C9EB9BE5D98D86007C88A925C6C0759E6E9848C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065569Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099185.JPGMD5=60320A32433143F246B8410C1A15AA3A,SHA256=83791007407BF45170C67562A8978A3319BB8CDE5B0854976528280AFFA51D3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065568Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099184.WMFMD5=A2701C3BC3E56606198B56BDBBD8537D,SHA256=6FCA1E4A75EC886D3EE638901B0BD96D41B6C882613DA617A5D7B963D982BA67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065567Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099183.WMFMD5=63CBD573E7A58AB44A9EC343CF831844,SHA256=6FB8959FCAF8B5ED2E75A367E318C44EFC44EF678614ED100E0DDA7A42A3EBC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065566Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.392{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099182.WMFMD5=10DEE097815F8E78AD0F399AB26F7936,SHA256=6E35C3D5AE9FB62126205E6349409584B06BC4631B47FC2B901D2DAC7ECC088D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065565Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099181.WMFMD5=394EEF03D573B19F1EE02D42DF750BFA,SHA256=A8521B2C132087BF2B36E7622CFDC3016B0D7ECE70B39E1730668BE9BBB304F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065564Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099180.WMFMD5=E6A29AF5A3EDA51430AC45AF3F9CADE0,SHA256=32599425F0ABA4FC1BCC2E1E7477A309F6DC31E4758915B4CBF4E0D689872B43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065563Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099179.WMFMD5=6CB813931D26AE3C7184A7CC6EFC1E29,SHA256=A0E40A54C341A59662CF0F69D20DCAD4F394740F41E41C260C2D1ADE088DB3C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065562Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099178.WMFMD5=42587AF8C91703B78737D9984732D735,SHA256=94E6A10842A0B843C6FBBE82CD3998F100BBFD5D47870BA810EDE58FBF454CAA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065561Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099177.WMFMD5=94CE3E7EAE955D9B6D1937A9A60FE243,SHA256=5B676C7CF7A653C558DA75DED8A7C0EC92E7A0DE3B1391FB5EB3D6AA9311AF78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065560Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099176.WMFMD5=4ED9B0B1C4081446BC2E336F2C071FA9,SHA256=13F5BD3D4E67AF3AD2B3D0A5C48B19184CB6B3BA6EEC26D50C1098C8E1FDE65A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065559Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099175.WMFMD5=5556FB1FA133C42A561CECF9AFFE72F4,SHA256=B38F33B5955F92791FF99F283716019BC7CB140C7F188948F5F410B13DD3BCDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065558Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099174.WMFMD5=5A87197750FC417EDC55FF08A338A8E0,SHA256=15A5E8B580551836AB2536F668E794F91ECE0D25562AA298F1C4A548E01B6180,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065557Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099173.WMFMD5=DC2E00276B20DD5AEEDA69F96094A1AA,SHA256=7A4C95B1AB90EF60B607E724FF5B1E0592812A1D363FEEC122057C0D943D205E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065556Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099172.WMFMD5=028FCE456E9D9F603DD988A44A2CAE57,SHA256=33F61F1287562E6ADBBC58D529AE350BB318031517F53EB5FDB7058A04923796,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065555Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099171.WMFMD5=6DA040777F26F86178866D9F8A04DFAC,SHA256=661FA26D620E33F9EA0355A127B73CC3AAB7F9DFEE65BE8499A47CBE0890AB9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065554Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099170.WMFMD5=800DACAA5B96513ED840BAEBB748C724,SHA256=D05060B0E7B5091EA2FF75CCA1BBF8CDE0D2DBED783DA875AE0DC4B0698E5D4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065553Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099169.WMFMD5=190C4BB5BEC915371D2DE705A6B54B25,SHA256=A1B63CB432A5D447C8F33084536851366E7A424C218E4AB93F07DE09E417D6FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065552Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099168.JPGMD5=731683311B5BE2DB024601B2E185AA49,SHA256=382667AC11D48A880A63EECD7359EFFAA8DC9DDA204BFCF33AB07EDE7411D3C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065551Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.377{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099167.JPGMD5=8C462AFB795E218F3CD5984E04FE2F04,SHA256=26BCB572BF8CE82DCCFA90F652FC44693BADF90C3A8E6409339C95E650611287,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065550Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099166.JPGMD5=80DA28EDC3C53FB5B3CEA4D5F0F14E93,SHA256=D41158A4F1378D071AAFF971017B61DF30056BFE90D9D991124D00EA7513CE2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065549Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099165.JPGMD5=534728CA45061701D6786F42AD1E8557,SHA256=873087D980676039D8D2F2DE58F1D202CC868E451631AE795365E145421F1346,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065548Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099164.WMFMD5=2E9DBA38B0A7837A009EC7D3F62B0537,SHA256=F739055B643E1E83F16734FF468009631BC49D46251733788AAE03B05E34FB2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065547Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099163.WMFMD5=F477BF1C3752851BF16600B5437318DA,SHA256=7549BD73B5178EB65F12F09D5CDEFBFF81FD07148E5708B8583D30CBF42F06CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065546Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099162.JPGMD5=352AF77E708AB53E79A1E4D0B68BDB52,SHA256=16AA85AA36E37F8A4C407D620147C0E6D7A8252BF5FF5A9E9EB9EF4E13B8FB15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065545Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099161.JPGMD5=8B1F2F4F69D6D8B5728EA8A9F31665CA,SHA256=BCE8EA0BC7AF4787D225B8FBEB2EC5690C066551D89D9C1317BFC34760CB83D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065544Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099160.JPGMD5=1D0FEA5B3CC0BB000226C193C2C18D30,SHA256=5E8F287D26238B1C2F9D50FA3CD202C3D788A4CFAB75E940975114336023D900,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065543Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099159.WMFMD5=A43CE59ED98F2D159924474F463DD585,SHA256=3F4F074C488EEC5A2D968BB3A46B302253BD4B3C0D684CDC43B5B23ECFD5AD12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065542Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099158.WMFMD5=54419003F779F6D274AB6083923F019F,SHA256=B8DEDC3CAA967D8730AF09FA1DA29AFF4D50808E819573E8364C80D78B1A93C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065541Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099157.JPGMD5=7EC27E52E31BA37833DD01562580A837,SHA256=D689CA774A7DDE6BA8FEA6B976AD08641DAF0BD0330B6447F56ED2277DE27B0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065540Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099156.JPGMD5=F21650ED969A963BC76340E158DE559B,SHA256=B71C1BA71D3C05B166D4EA401FE51CA3D84841C9AC328B945B832DCCCF527937,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065539Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.361{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099155.JPGMD5=6BA77CCF7D4CD3D2F6979C93A0DAAF90,SHA256=3BC7600F462B823BE4025C6352A7EF889286915D591522959B18F7CF6868B5C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065538Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099154.JPGMD5=F4481858D5B6433EE85383CC89429398,SHA256=7409DA6BC5A71B1A05BFA8B435E466814A443F25E452AC44CBDC2295B52D5280,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065537Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099153.WMFMD5=574360E3FB73BF13DFC8F66599911111,SHA256=CC742259761A2BCE5B1B1A1C005E817B06696F2EB15D6BB8FDC4B17129CD6BFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065536Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099152.JPGMD5=B350D7E37BFE3D050D6FE82C9430C1EC,SHA256=BE9E344744341C4AFB624CB9119E958F62C813648E61A4614C06B6BB1F1CD8DC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065535Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099151.WMFMD5=E48FE6ECEEEF045DB564CAFD007A0376,SHA256=2B0F5B140C4FB9BD376047FAA0A0C4EE227AF1875C4C2385F62570D806E9F8FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065534Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099150.JPGMD5=12BA6ECBB5EDA27C94FAA20B1264927A,SHA256=54A4B1E50E6FF5B5A3CEAA9D7AC5C54172C8CF63B114A9A9AF198D9D99445E0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065533Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099149.WMFMD5=3971729E3C05C37367CD2A18B43BDA3F,SHA256=AE204FBB46B3184DB3E040761686EBB149C5D6F78C257C048851671F868B9F35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065532Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099148.JPGMD5=8CA2B8EC2ABA0864325E9FE22732E4CA,SHA256=C0A8772CD037CAB574324125F1EE7D22269937DD4B5ADE852186135A97FD4E4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065531Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099147.JPGMD5=291217B4D93FC85AB48D7440ACD4037B,SHA256=6CCFBC8550A7C939EED2DDD38C5B3F92B5BEA0888A82F068CB75B9F744D89600,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065530Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099146.WMFMD5=52C9CF5262714C9BE4857652F0531650,SHA256=3F2A003967E01496CA292330E9C3AD1833B1EA8D5665ACDA9FD74A04DDEAC964,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065529Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0099145.JPGMD5=68532E607C4A9694FA85FC0C1E384124,SHA256=BE8843FE4D8BC1B0C09B5FDFF04E4F212BCC4F2FB95F0C6ACA1A9CCB5CDC47CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065528Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0098497.WMFMD5=2E79E8868FFE5D8DEFC5C625325400F8,SHA256=F39628AAD1548FB9C1780A4E4E272F1F248A8162570382952B19B147FB32E4BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065527Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0093905.WMFMD5=6BC0C63F51D573BF1579C82A32FEB208,SHA256=B350D09668898AEE423D29F5AD680518569786B622A62E46DC03DB82D7818190,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065526Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.345{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090783.WMFMD5=0CF80446962C72CD26C8FFB8E31819CE,SHA256=1FBBB6B84F6A4F8255CC541CD4A1B2A55ED567458B4C13D5B6E1A4A0595780A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065525Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090781.WMFMD5=A8A8DD08D8F60B4A0A2619C44A40CF55,SHA256=FE7E99BA0B9D6E5455200539AF5CE69FD78A960D40CD673FB7F2BDDE6ADEDA47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065524Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090779.WMFMD5=7C643075969B02656579777359A0E282,SHA256=2E4E952F19E30EE2A4067359959B187E91BBCEF4CD1A485B6F93764E19DEA1D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065523Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090777.WMFMD5=5C1AC24D4455FAA950DAFF89621C6018,SHA256=FF991F15EE5D3DD92706E4848FB19B527F532EABD519DF8D92F6FCDF7F6EC45D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065522Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090390.WMFMD5=DEBEAD8934D3CD92000C54C31CAF222C,SHA256=BD180857ECB88B15ECF04A51FA9531D18927DF0E614AE7166753B18CC39C7839,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065521Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090149.WMFMD5=FB3904AACFD898298E6F7B5F8474C9CA,SHA256=81DDA09593B1FE2CE42F836A4434F322B61BFCEA3A538060008B440238011DA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065520Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090089.WMFMD5=62DF021BA01DA185237CD197CA3FACC9,SHA256=094FB3D7B8651DFC5AB9A92D0701F39C424743429E78E5FC539EB59A1D4D93A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065519Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090087.WMFMD5=34E26DE80B8A08EB760FD87B9A9A5D0B,SHA256=B2B51D06108893E9E6AE0792C08C84B5FB2AC3CC5F245A8FD837C0AAE1AC3A6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065518Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0090027.WMFMD5=E86999E9F83ACCD020B25B73BEB986CB,SHA256=CF1C296C7344A20810444636B8919B418149C2BF8532F29CDDF9CCC6ABA9480E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065517Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0089992.WMFMD5=8A8702D4B8A265F691770611E06A5192,SHA256=C3C2D2C1891EAA7DD7104E2CB66F7F9E256F506144CB2B8E2F892E549F586C09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065516Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0089945.WMFMD5=D0F4FF3B8CF1709B44E940ECF0674D6E,SHA256=9072E65827CC06C0BEF5309CAA4FA688DA7DE6289E21069460D52A8FBD531ADA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065515Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086478.WMFMD5=45CAA592B2801E10727F41C49C0DDEF8,SHA256=F86EFE833F0630B0B1CAE55989C2BA08F13843681AFDD822B130187E69C064B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065514Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086432.WMFMD5=25FB32AC3BB286095F230844445C3E69,SHA256=2BABFD2C1716C162434AF6C147F5B0754CBF98BE110A6CAE531486FE3B3218E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065513Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.330{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086428.WMFMD5=2143DF0081E0ADF971CA7EC4154A1EAB,SHA256=3642AEEFB6C01C11AB9CB713EE0B67CFA7967E4B9CD47510ACD55CD21BB7191B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065512Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086426.WMFMD5=EB97B22589C6FDA232FBFA1B85AC1073,SHA256=D6E55EC3CF055B2F9356CCA83B6596A783C1C374E02D134FFD840D8440D30644,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065511Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086424.WMFMD5=F2362A659A7F84BC309571D4822BCAE8,SHA256=1E83D9F9B9FAA324D5942C5125A01BEEF57FF9DB0B9BEF22D62717D670AC367A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065510Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086420.WMFMD5=603BBEC007ED7935742F3DA7355CF533,SHA256=6DB82246CD4DF8519A293DC5D18604E8CAB274C36645FCEFD83068512C61CD69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065509Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0086384.WMFMD5=C2644A54BB147CC26C65F106590EB766,SHA256=6DBB169AAECBE982B6D0C082F2001127087720BCE3741CF6921DE383021D85C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065508Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\J0075478.GIFMD5=62A85E60306AA561226FA1EE64FC7C51,SHA256=5BCC9C1106F4BE08F6B1A4D88F64D42FB80E536C65A023B1B084EDB6372D3CC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065507Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\INDST_01.MIDMD5=46B9C43766298DE9A91BB7B5C81B09F0,SHA256=7C3D56B1096A83FEFDAB543B15DA8371070CE61849557638281B4B2B07BF23E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065506Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00957_.WMFMD5=6204A2325F6E15136EAED76C5C594499,SHA256=E39454601F30002EB27323CDE6DDE8FB0B9FFB4EC2F95871B21ED5F77AB4277A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065505Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00956_.WMFMD5=5BACBF7DE88981F080A6F93670C9E678,SHA256=B215B973B288999DCBE967692516112708EA5BC37D4257221EF72A10A565DE58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065504Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00919_.WMFMD5=8495DDE5F8BF138DE9E9B14D22C4F6F8,SHA256=ECF20A5EBF0049AF922C2D78ED9F5CB0B91C3823F9DCF7201B7C6391F1A9E1DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065503Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00915_.WMFMD5=72648692F97450FED7ACBCE8F99DE66C,SHA256=4CB7A21868AEAFFDBB36730CCF4A61E428807A2367CFEE4A8135638776D35936,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065502Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00557_.WMFMD5=D8A4373004FC89BEFB4125460ACC4849,SHA256=EEB7E25A9DB6A173201DFB8F59CECBA78659A265142B4A9F314CE2755ED90DA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065501Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00351_.WMFMD5=3C6AC9861A4F8EBA74719B607ED90B68,SHA256=E2AF294FB697C62551C98A6FA288DEAB06046E1FFC7C6D6DA7933B94178586C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065500Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00346_.WMFMD5=7FE72DD43AB8BE546364AA689F20CED7,SHA256=D060455879707473EF3D4B59819E8592BE82FCD0EF101D87E54F866F8AC7A9D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065499Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00343_.WMFMD5=9FD1BC4AEC0D3534CDC2FB1AEE642995,SHA256=EFAF51497AA08AF95716669E9880E44A86BF17B42BF081C24A93E206A2BA536B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065498Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00233_.WMFMD5=6F155B1C035DAB700BDC1BB0B545C5BB,SHA256=456446217D22299E0F344C72129A867A0B72C86E68DEF46E42444DE4AE6F62C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065497Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.314{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00204_.WMFMD5=031548BF33839399BF41A994F7D27E95,SHA256=EF27BA4600346A85C3B57CAB1A37F95FA27EDCFB020BB9E00DAD50F3FB7B935A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065496Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00177_.WMFMD5=FFAA994D6EE02067C68212EA595CEE09,SHA256=FA5C5966CAAF51364AD22DE205ED2BDAA4A5C8C425D96690A80C6E8C1B1F8933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065495Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00118_.WMFMD5=E83EF96DCF491BEDB1A874A5DD0815E7,SHA256=22E7F6F4FA13DD67B461F79A13EAD05FA323B62069A156D46A36A0F8376A3B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065494Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\IN00046_.WMFMD5=9000A41E9CF6DA1072B7D4231305AE56,SHA256=80C1940E08EDE2CBFF3462011BA9B774B54EC8D2163F28AFFFF008E57E2035C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065493Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HTECH_01.MIDMD5=3483406B7942AC84D30871364E8BFBC9,SHA256=35EAE2096A24BB21B5084452D0DDF41BAA454F397DFCDB81506BC43D5AB4D1CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065492Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HM00426_.WMFMD5=662F3A0358EAC57E5F11AB5C0B94CFD6,SHA256=365E16385B1BA8E9FAF753D5D8E02CD6DEAA693BFF76926F6FA17D14DF40D654,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065491Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HM00172_.WMFMD5=603F6143EB26506E05EA58472107B970,SHA256=8BE02F2926BFD9A7F54FA2DC8A5EAF28AEE9EAF200A9908F61742ACB566205CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065490Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HM00116_.WMFMD5=A08723BE74E6B8C792CA894AA5372CFF,SHA256=C87C3462AFB0109DC75DA4536427100E892BC2279905E86E80452B81948A9A10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065489Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HM00114_.WMFMD5=381D07F6ABCA8AE10110A3AEEC506EE1,SHA256=A7D87FBE788CD580A4DE5BE69A84A6F9EEDDE08D4E0C3F5181ED330478D9A268,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065488Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HM00005_.WMFMD5=F55F654BDDE6B909780D24AA48D1784B,SHA256=AE6135660312464D59AB1FCB2F380A094D24FEB8601935A64F4C1A77079F1151,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065487Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02313_.WMFMD5=76B923FDE5FA80F28ABE2BB7396EB5E1,SHA256=995854282F7559386FDC6492173708D63DB480E49CDD677C0303285DD73B69C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065486Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02312_.WMFMD5=46C9AFDC44A8ED5E72BB7FFA3B7DE9E6,SHA256=E37EE32EDA1B5262AFC1D912D4A17E29F1B702614C4C6A319547BEE362A92964,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065485Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02298_.WMFMD5=7A8EE9DF73F630875B56D02FF7F42B1A,SHA256=DBF073164AC365070659411C1138C7289E38A82B1BC9D4AC3480907C5327652D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065484Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02282_.WMFMD5=DA8C7EAEAA94CBAC4997AD49B5B13D78,SHA256=D4EC1DC787164A8414C3D1689C0336047899561761DFAC9F303429831C045F79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065483Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02166_.WMFMD5=951E5C6E20CC20E5E76AEFEB0BBBE79C,SHA256=D9200E0B4DE870AF9DF703F2F69EF8C136B668F0EB622C094A1CF843C13E1B21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065482Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.299{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH02155_.WMFMD5=7E1C605B5CD9313FDB47379F5DF3ECD4,SHA256=26D322B56B2E13CF381AF9256CF70197162F08A843A4B1D7D625F05E1BFB2143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065481Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01923_.WMFMD5=92A4332A034DF02DE382E2AC54DDF935,SHA256=7F95C14090B1D5A1A354FEAAEF04EAFD35ED5CB26D69220EB54804E09302988E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065480Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01875_.WMFMD5=AB48EEF5FBEA6842B51DC20F07BFE220,SHA256=01AA74342629DC184A25D337CD3FF6BD41F302F5BFDF37BB19B277BBBDC5D5A6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065479Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01759_.WMFMD5=76F7B4E118CEB4551423B11F829FDCD1,SHA256=65260388597675863D6C24C3EF01F1516308EF319BCBF1872969F6EC80EEB7B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065478Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01618_.WMFMD5=D6BC96E72288B61F7E2CB82A26C432D3,SHA256=508DCD28CD237F346B0B2202011B76BAC187FA5134DA05C6738A33820E3F6EF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065477Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01461_.WMFMD5=563BC702A0EDE3B675AFEFDA7CE678CA,SHA256=D7944585C2F800BA0E9C0C391D2D53B306CB792DE0F710B3ECF385F2D62938E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065476Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01329_.WMFMD5=0DADFD5325F0E57E84A506C5E446B613,SHA256=790121DDCC49A8463D472877A1BDEF9FC205107E6634BDA3E8D7F1547588A24A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065475Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01291_.WMFMD5=DF7E69214C9294BE5A884952280B87B1,SHA256=F04F41B8D692F9C1CFBCABA4E5BDEBFCF8846BB9DC7A4D09B56A6909707BA519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065474Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01242_.WMFMD5=041348E80E673ED2CD5DBD5953B55F1F,SHA256=E1CC4CBACBBC0825F0329408442C2DFB49D2A55CCD590102D4E2033920A254B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065473Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01080_.WMFMD5=356D68FB5FCD0558BFDF68BAD08F81EB,SHA256=DB88AFC96509077DC77E39BB909F357E55F98E7EB3DB5B8ADF10CC45D84D33E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065472Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01065_.WMFMD5=11119F06A646959ACCF46F2B6F159509,SHA256=07DA086AA209F92A803DCF713A5681F3376E97CF6D9460A1050AD76DB54A4D37,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065471Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01058_.WMFMD5=635842DC5850A236093AC2DCB76C6960,SHA256=B7B6E27774612114FE394D23B6C2254D8C94F047B483FE631D187519B6E2ADDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065470Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01015_.WMFMD5=2F7666BC57A2647F0793F880264024DB,SHA256=C2EFB61E65E4298CC30EB5A8DC452D92978AFF3B91C68E6E12DC53610F90FAB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065469Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH01013_.WMFMD5=805BBBEFC12D6BD104491359EE634F44,SHA256=19081CDE246CDFB70736D8E47A58EE4756817055E90BF52306128B6BD70C34FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065468Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00693_.WMFMD5=C9864091EF3934C0293075A39756CA9A,SHA256=02E1616952D7A94E45EC1B00480F7F44041EC8314BF7D2927328E14FB30DD697,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065467Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00688_.WMFMD5=8BE95DAADB68DA6584213F9D59074DFB,SHA256=BB761A0A9895CA3963B8C3EAB5CFAFFF5EA0B6DBFE1FE7D7233EA97CE9054371,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065466Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.283{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00687_.WMFMD5=ACFA9AC5D919D1DC85A06CFE17EA95B5,SHA256=8ECCEBA07CC3DD0371CFFB1026E9ACFCAFC1ED4FFC4EC5B6C665060EDC654548,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065465Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00685_.WMFMD5=23575EE603E7D8CD2FCAFDDA306BB651,SHA256=BBD8EA8C01A57CE01CF3254ACE3F87D8F46E5FB2E0973FE66955AB29293A72D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065464Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00681_.WMFMD5=1967B5957C45F16EB1572199AF8A462C,SHA256=DF10E0B1F88A206F21679A69ED71BC546B8982DDDC7EE02A611AECEF231600C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065463Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00669_.WMFMD5=4DEF28B764B9988A4A7AB3CCB75C8F3E,SHA256=1B7405F53D88619CF4974C80AD70EE2DF65D52341C62802FDD34E1455C74272C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065462Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00636_.WMFMD5=10D696C712605657C7506812432AF542,SHA256=594232BC077CE06DE8E2A3D9A2F2C29A75A6AEB601E4FB747BDE209FF0BA82FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065461Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00625_.WMFMD5=F11D7FEEB3FE068561B1B10B7F31A627,SHA256=4043FFAFEA8AED993D26A2ED294241AE20259519E8FAFAA4059BFD7718E93A28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065460Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00623_.WMFMD5=059EA2875212F254AAFF902810BB6187,SHA256=7214995F65FF42CF3BB69FEF8F23707448CB602B54A8C190FE20493CFAD41347,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065459Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00612_.WMFMD5=DA3F0BFA7E82E801F494AB8ADF098515,SHA256=CB19926736540EB4DE8229C165FEFC998FAF5507AB3076CE6DC72DB09A5ADC5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065458Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00602_.WMFMD5=1896BA6253E83280FA1A72733891FA2E,SHA256=0FCBE303AF5494870A84C9BC26048E25E5613D0F169D127CF7E7E9EEFBDA77A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065457Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00601_.WMFMD5=2944962137128696927FCFAAD0A905B2,SHA256=5FA66E6B3DE7E6064FCA9F399B60282316DFAE273496345042A99892641AFD20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065456Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00546_.WMFMD5=B5A7198B713FDF0064007E3F3D811BF5,SHA256=F4C08392F821394D01F0B491803A6AE7D5C8062FBEFF0F3F480694F2E876EA6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065455Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00527_.WMFMD5=3E5252AE5BBB7E51076D21176526CEEA,SHA256=26233B868C5F6E7CEC85E303118D6735EC9B40830D1A1B2DB57218CEBE8CD537,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065454Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00526_.WMFMD5=0C78E787EFB858601F1566D010660BB0,SHA256=A5FC79DC2E6E69CA74D8D0B030425F932DDAA531B1FF2B54778D442383BFAF1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065453Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00524_.WMFMD5=B500BB4EDD7E951784DBFB91F8BECDE2,SHA256=FE50311C36F2B5B3FE9B9B6022FC69F68BCA3252431C6001B798261CB4E539CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065452Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00513_.WMFMD5=D2A53876A98AB4055A04F55EB512CBF0,SHA256=7F603C1BAE169A4629D64373C8F23D57E6D40786D8708657099BB8ACEEA073E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065451Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.267{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00443_.WMFMD5=CB88FD533A10BFD0A56BFE85890530EE,SHA256=0A62475D905E35443DE82C00941CCEE8E6045C35A305B8D3A9D389CF976B64D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065450Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00334_.WMFMD5=314911F5F9737FCCBA6D46BCE14B79C4,SHA256=C743A992F35FDC8406D6CBF8C2D765A98B35F8F8B2D7982DB447A85A33298398,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065449Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00276_.WMFMD5=3576998BC6AFC968669F63C95EA5BD1F,SHA256=78E2154226E6B15B45D337C570C493A97629661D7C6185F0EAD6D8D84D78E8B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065448Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00260_.WMFMD5=EB1804B36BBDB3632D83CA2DA71A4D81,SHA256=2D9781CFCE5A8DBDA5EE176276D9FB5F10194BE716B79A48E36DB86D5796CAD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065447Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00241_.WMFMD5=C4EE88ECAD7FD1190181834080A2188B,SHA256=F3C512D486766F91560EF2A47B9B6A6ABD10A143EDBE3F0A049278A31787EF99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065446Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00236_.WMFMD5=0268F37A7800F8743F39B946AD3282F2,SHA256=FA8F7014724D41B2935B00C1F640060C9A21C4FF1AA1EF8EBA9368AA367DC780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065445Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00235_.WMFMD5=82F181F16AFDC303497374216A8ADE38,SHA256=25BBD73CAC74D9FD4AA57EEF283C0D41E2A27A5FF19DE2EBA1CAF3237C564603,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065444Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00231_.WMFMD5=BB71569957A06259D1CC1A716B892283,SHA256=A213AF74B57AFD57E01E720885D5C0CDD7213CA29FFD1287A865B33FA835EC4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065443Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00084_.WMFMD5=AD6192939EE170127253C11914E0E38F,SHA256=FF567E24D6D7BD176A134263798F55E2EC103E48D57ECB3529FCF3B3A7D0B901,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065442Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\HH00057_.WMFMD5=911C5829B0D0A8E91670509E22D74921,SHA256=FA9BD8D1058C413ACE291914E879BAD0EE749508D11921193E7677F0CE23ACC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065441Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\GRID_01.MIDMD5=BD633215A6A9C445BC70EC092B7E8635,SHA256=AB23D6398D78C5323D383E9C13C650652AD3678CBCEF82EA2834B09F5E6EB007,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065440Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\GRDEN_01.MIDMD5=EBF06B1BDA3ADE032ADE1AA2D26A132D,SHA256=B4EB9A85C68595030E318609BF2D5A624DB654A07A2B9259E1FE6A20BCDF4FC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065439Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FLAP.WMFMD5=61A0CBEA19154EE23DF9FFB688AAE7F3,SHA256=4108EB323DA12E05693AC0304C916A3EE620A83D4EC5476EA8FCB3947D53E001,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065438Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FINCL_02.MIDMD5=84865662EA5CB4AF151CA0D805796764,SHA256=44FAE3DD1E8C7B9D0FFB303E7BEAE390A71E21A5069D0F6B1E6DFEA857EE4378,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065437Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FINCL_01.MIDMD5=9674C8316187CC7A53FEC44CAE9D2CE5,SHA256=6BD4BBAEEC303EBA7EEAD97E6E7C2FB0CFC98A1650289144A12D9ACC111A6414,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065436Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02161_.WMFMD5=E9DABE48F87FE78E05D0DA8E9BDC2E3F,SHA256=1290225031A2F2E9A7ABE9C9A605E46FCB39521A8F55752E5C53E21331A5742B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065435Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.252{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02158_.WMFMD5=AF01C2C2301ACA114F856BBFD581256A,SHA256=AE5C0D86ADA9EEC3D619E1D841ECD76AE35F7A29AC42AFC82A6C564BF8471B1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065434Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02153_.WMFMD5=ED2168B2F9DD3C4BC1C8BC2E778E4241,SHA256=CEC0C23C9B207080B50E15AC43C074675E4943C9BBD5B349D9C83A6177064FF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065433Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02141_.WMFMD5=5A8750EB7418CE77DC5765B9C78B86A5,SHA256=A5469EB70E9DF326A9FAB0AFE0E51B85DEEACB619938F0A6AC17CE16CB6FF68E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065432Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02116_.WMFMD5=FE63CAAC61A5ACFFD306FFD736CA1600,SHA256=114A25EC2394242742FB86C58AA0858C62A986823D28DDC06670CC32CE30B56A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065431Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02115_.WMFMD5=85299D36F18622FCE7025B4E801E77AA,SHA256=559AB97CBD9F9092FC2922123B7D1226BE219E943DFF828A585C8B291136FD20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065430Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02097_.WMFMD5=54B0677EEDAB60FE5258B3BF0A05E83F,SHA256=50BF763EB68344ADB88F0D7B7644A191D2916A449EA826EAFF68E64521AB7141,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065429Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02088_.WMFMD5=DCA410211CB5C8CDBBDEABE2C6E5D8D4,SHA256=A8C4EEFE6634346B72C4A0CFA624A4EEE77D02FFC34952AE58532339545C51EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065428Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02075_.WMFMD5=FCC28C5B39CFF5BC7D80C94009900497,SHA256=355BD24ED53202BD7EA964DD5FD4BBD9099AD8EE9601A56072E2C69C17AAD3C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065427Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02071_.WMFMD5=F97337885C426F97B6D3C1600D14E7FD,SHA256=10A367E5C31F43E06FB20CCE63A1E463D47BD6C76CC92A04FDB31F2F678D6C17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065426Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD02068_.WMFMD5=EE12E12887FBA5695B438C6873D12D26,SHA256=2EB5465C4D394BCC29863DF317BE8A2ECFE906D40919F54D28518E2628BFD3A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065425Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01660_.WMFMD5=DE54ADEBB4737C7BDE7045FF2F42EA7E,SHA256=9D6362FB573D0A05F88DF7861AB04EED9CC5267E0B96DDC34AE17291BC804F66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065424Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01659_.WMFMD5=906391789ED92593E7A2166183A26332,SHA256=44DB725B703555C5E58EEF777F2E1DA1F203D50C603681D4D99D4ABCB4FD9187,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065423Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01658_.WMFMD5=F252EF84789F589E0D10E9B51D9F0804,SHA256=E10B5650925AC24F6DEE92D16310A546A011BB6F83DA3C9CD2371B8F846FC70B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065422Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01657_.WMFMD5=62762F26D100AE355E61FD051E2BE82A,SHA256=1E60A782477DBAC02A9CB109D2597AD97F73B60360D37ACE804E69137071AF33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065421Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01548_.WMFMD5=B99864174F42D1C48FFB23CDB806FE80,SHA256=C171DDB1819D41E7FDA2E77C7F48C023ACF342F7ECD02FA014477651BC684443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065420Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01196_.WMFMD5=423A64520988449501C93C8DF3E65873,SHA256=78D70865D21980238184C2D23FB09A5D5A0ECCC4D15A9245DA9930B068A98084,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065419Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.236{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01193_.WMFMD5=2C4B0F250AB7DDE3EB411D98982B87F6,SHA256=F9FF1C818FEAF6300291ACA4C5FE6302B06B43930ABB17DC8CAF51E63ED9C8E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065418Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01191_.WMFMD5=0117EB4DACF079A139F52B3B1627308B,SHA256=D4AB92CC3EDB9BA246F801DD742CB2DE4AF86AB029BC37AFF9F5A950B204D909,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065417Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01176_.WMFMD5=9427C1967CABBA82F864BDCA097EB0BB,SHA256=5FDC567692E0EB9CCDA3EA3A48A8ACA181E16F00A81C22CD46780273D7494CAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065416Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01084_.WMFMD5=AEB82BBB26526254E5A6C359A3C6B723,SHA256=E80B242167DACD8605DBDAFBB00D5B4BD1536E3801711FDDBDF25C56FF2C041C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065415Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD01074_.WMFMD5=990F1C672A512B6CA13154AF582235B9,SHA256=B42DBC4E09B84672F4AC52CE21B7A75BF1C5B195EFDB774D7A87D6A1AA135CA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065414Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00965_.WMFMD5=45B9F7802E6A903141D0F1FD96969D56,SHA256=7EDF942C04A64B9BC020D739FC45C74D8336702E7210888D20C63700F69B9746,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065413Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00814_.WMFMD5=090F63FC5EC3C0FBC17DB63B4E2E5C44,SHA256=C193CD01E10E346789ABFA2232FF96AA61CE3460E27246D635325B64DDC10E97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065412Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00799_.WMFMD5=218DC071E88F6372D4E0BBE69E0CC2AA,SHA256=0B06437E58F4CF6CCD5D987684FE3C63982FE963FD77913C4BBE0D181A67752A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065411Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00779_.WMFMD5=56E94B5F20B4765A7C3D7D829ABF24FF,SHA256=CE5A90B4D89A4278DEF22643E137BE9AE51AD9B09D2BBC961804F73B450F9129,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065410Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00775_.WMFMD5=94BB1014FF4D110E8608E8C86FA70C71,SHA256=39C8F7334494A4BF61B8ECF2CF5D1F6F097E2B8145F19AEDDF3DAE54F66456FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065409Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00586_.WMFMD5=64853C144B2F1A70DBD21930D42A4F08,SHA256=954D68233E73376276DAF61F3164DCD2B9A3430C1AB033BE12C42CA64434EDBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065408Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00564_.WMFMD5=B6DE6EB4CD7A14424972D6D302B529E7,SHA256=80FE2E38E00023C881EBA5C6D52D47E2BAB6BEBBEDC6E39C0E980CBA0E23D5CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065407Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00544_.WMFMD5=B80BB0B4580D703138C47A69E1B7D7C0,SHA256=191A4B9B6B3A861426E804122EF803AAC03CCC36A077E9FB76C60CAF936D26D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065406Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00543_.WMFMD5=2D4D6776AE6E55763B5E2AFB87A2787D,SHA256=20ABF7A1A9A08E5B397664A84AD21F267C488F5A72E516D059AA48ED4754E391,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065405Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D79E8F90891185CCDD22B0DC8E28D7D,SHA256=516AE4D3BE4B1F85D1BD16D73F2EAB27FE66BE4D99DE35C97BF40349A28EDBC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065404Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.220{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00459_.WMFMD5=5C5240A42E7171381A65A230E075CB30,SHA256=01AA1966C00DB68B20AF4F6F650EAF26F87374AFE433A30DB025A4B52ED93ECA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065403Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00455_.WMFMD5=D3EAC6587E8EC0B76D62078FA5B3623D,SHA256=4929C9D0527C0B8749D5A2EADA42C90BC4ED1933A7D4C4BB9126D1777E900CD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065402Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00438_.WMFMD5=FE3D427A3760563A4855D024333E3751,SHA256=23C38DD4905627EC4EC0CABAF4A7BA1502B3F7360978EE00DF3921690CD083F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065401Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00435_.WMFMD5=B8BEF879587B55DED77F69839D2AFA2E,SHA256=B97D087BB4521FE9807B845789835873517C6DABBAA22D75BBFC3445B808FE2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065400Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00428_.WMFMD5=81B7E9FB1BB2AB04F3FB71CF419EAF61,SHA256=128328BCD38319B4323DBFF966558E4C19A82C61FFC5251DF5A1C8085B3117C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065399Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00419_.WMFMD5=D2DCBCD2C217F3BBE60BB702176C404D,SHA256=E4BBB9543C60699154DD01FFF8436945B664FB64CEA6D2544B4C8725EDFE4DA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065398Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00414_.WMFMD5=4004D8AC0E0CC7E420C9F71279CCF673,SHA256=E8F22B879F0A6A0A35AADC5A7744AA6680C0A98BD2822951AA22E1809699AAB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065397Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00403_.WMFMD5=941539F5FB4DAE4E30943CA4CE17ECC6,SHA256=3FB11FEF47D2231C31AF9E9ADBF0497B3AD70EC16CDFFB71B57E56EE5E9666E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065396Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00397_.WMFMD5=9EE5CDA10B3D403870F30FB401FCFC97,SHA256=316201E19FF3F6FBEC3A95277CD9551C4FF72D42648A8A211ABC64F755E9D534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065395Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00382_.WMFMD5=51D7006E5E1F7867EDD33ADA4CF950C5,SHA256=BAAA3E7105A853111C178B0E52A62D21DFD6604E2B81DB97080DA1C359137AAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065394Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00369_.WMFMD5=1E1FF845B0BF44DEDA341CE1145233EB,SHA256=BB40F7AC6A8A9D3023FCABF1A1C06C4E7363985AF8BAEF446F08C6007907F641,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065393Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00361_.WMFMD5=B957FADAF809284C134B36F6D9B4C44A,SHA256=582713587071F49C2FA7B043B0B8BB9F6021E221F240067C89A26A3D699BEE38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065392Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00336_.WMFMD5=BBF4FC8018EF952896B561358561A0C0,SHA256=3C38545826C1588FA87F1F673C828604BE51847FE588D0368C46A4E8E26C45BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065391Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00306_.WMFMD5=281908487CF3B482129A63C0C5239DDA,SHA256=9333F9D01230EB73DAA6DD98106C4A661302B2281AF3E0A9E997197759232ABC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065390Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00297_.WMFMD5=84A29F42611D348D853FE9EF51CB2E3E,SHA256=DF2A06874824F62491A769FEA97B8116A94121222DF1B9EF84BF55B8B6A3276E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065389Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.205{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00296_.WMFMD5=7F1EFE3445AAB1EEF0950100E84C3BBA,SHA256=D1E9F9E59D78320D68998DD433524B7BAB95E3390EEC13625D08F66423E3F785,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065388Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00096_.WMFMD5=7BDB2184E6AA70EA0A3A0F111754902D,SHA256=4BC278283C3C7E64E326D27BC071B5BFD6F6DF0CEA4C4B9A7567840D7F048EE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065387Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00090_.WMFMD5=02AD947AFE8E575D4A0FB7F919ED0EAC,SHA256=3749912D6A433809E694B981EEF31B83A797651C65488637C04F2E457B265DF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065386Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00086_.WMFMD5=3AC13C2A6E3C6B7AC4A59F1070566D97,SHA256=6768C990184E1DF58F22397958A712BC01A31566598BE690F6EAA6DA7FD0D524,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065385Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00077_.WMFMD5=2A70035DA2452E85546DFAA0E4FCD639,SHA256=4421DB0EBD89B34250EBB37D969CE21C6142377FE33A30B924CCCDD4E875A724,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065384Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00076_.WMFMD5=094E63064C55D9468E8FF9C80B1E6191,SHA256=D7A2D96DA4A9D9C7E6750502C76F07A09CE068BE3800B8A6A670FEB774D92054,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065383Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FD00074_.WMFMD5=410B716CBAE1A339A9951B58922223E9,SHA256=C281800569489861D16F2FB1D3E2412BB4873CFAC7C00B0B3A6E14917EE13E41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065382Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\FALL_01.MIDMD5=4DA7502FFA7CB919BA859B9C45E8BE0F,SHA256=09CD7122CF29DFB421FEFF77AD07134FF84700B856417C95E0BDB999BABAAE65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065381Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EXPLR_01.MIDMD5=2958046E6E642BB771BA766A7D832EAD,SHA256=03624CF7C6BB14EE384BED06BAF2E7CA7EFDD43F3B8C80777B838F3D32CA4A7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065380Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00902_.WMFMD5=3DDF18EE2B0AFC56CC2ADEF7A647633E,SHA256=018A675B79AB18EB7CA90E002A2540AFA3F1243D283CE1CD394FDF54FE6EFC1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065379Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00397_.WMFMD5=8C13C05A73E84858A75C71B439FB4013,SHA256=2BDB153FF02C5567653A11DC9B0DF506F0A2B17BBF36A8311AE86392E1A82F01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065378Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00320_.WMFMD5=A69EAEDE3384DE71EF138398F09ABCF6,SHA256=8DE46AD5231AB985D41BADAED62DC0697050390C4A74717693FEF7B1EE8DF62A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065377Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00319_.WMFMD5=700E1EC6FDAE1DD15A5A417E413920E6,SHA256=71E829E3B4EF2E8092A4A996440D559CBAB7D4D6AC64D772CF30F3E349694695,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065376Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00242_.WMFMD5=7A0FE79C3743421236C5729D8898EE34,SHA256=7799F6C8E171323B6271C72CBB6FFB0AEA37D5EF345D5FB20D297F6BDEB9DC9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065375Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.189{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00222_.WMFMD5=5EE2296F210BD35833EFA5FF1349BAED,SHA256=4E73471F0C0D2D208D1A26C24F2AB359CADC8B0EAED749B56262BF5EE99B54B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065374Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00202_.WMFMD5=CE60753DE104072598BC7328BA5E62E4,SHA256=21FCFF21BC4863DFA830F27E55202D2E7B24661066603C74405FF541AEC05C70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065373Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EN00006_.WMFMD5=CB230B897A2CE7B59CED83E77347CC31,SHA256=7CCF2647E7EA4A941A9EAFC1E9D9CC7F2C9629CBC34FB8CB6AD351CE30A768FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065372Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\ED00184_.WMFMD5=EB40D79340396916F04C2DDB37F14897,SHA256=5D84A3266444A87B535B9C8B192B5D5580D3AF8EC01ED59641D0A3A9C3E2D633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065371Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\ED00172_.WMFMD5=157E9EE096B5BEC1AEC532A363D05407,SHA256=B6BED86D4C79195BCB6A08AA759DC71CA1ABEEDF86C197C386B0EA7BB19BB8D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065370Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\ED00019_.WMFMD5=55AC905602CAC55417009312E9B0357A,SHA256=D48C63858D7642439608051B31E042FFCA09AF00D275FBD31486728C126BBCE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065369Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\ED00010_.WMFMD5=7EC3CE0F224BB5CF1A3622F495FCBD00,SHA256=A9CC955CE855C272842B5809DECFB5C00E2BD9F508226BAA7F186E510C859B24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065368Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\EAST_01.MIDMD5=8D1EDFFA7C29D7E4540E0A14FDA328EB,SHA256=EA3928025362E3A7AD511E3179FA4DF59824A6F1E4A2C5F6D8C94C9272A2011B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065367Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01793_.WMFMD5=0EB4B64E8378E0CD0B75B530820E029C,SHA256=FCE49FC8956A6CFD20CEE578C2A1386CFC96A5ED3D11065DBC2AF371EA07865D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065366Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01772_.WMFMD5=2AB1CBBFA2CF80C641A23A5914ECEAC5,SHA256=08A0B743D1B07F590D271277E65BC3821AF8A529A469330BAB949EEE35448696,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065365Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01761_.WMFMD5=4C271B513B9F9B15085AAB31B7A1E97C,SHA256=1EF80C3CF0711A8D382D627FB1D478999787B1564FFB5EF2180A9F17148C8D5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065364Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01631_.WMFMD5=B5715CE30507956C03DC1904ACC7389F,SHA256=F905FA16E36DE938420B87455508F3583A772124871D054ECDFA196526A3BED1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065363Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01630_.WMFMD5=A49EBD16DD6A65B93AB2AD135434F541,SHA256=FB04094902572B2057E1BACDE7D4CB3534F1A142F0C3C92D3A0ACD52CC1C61B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065362Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01629_.WMFMD5=BC3E30E1629223A6D714BF35B5A3E12B,SHA256=BA6E75A116E3CD28ECDF335BD1C395168581F6635944BF6626A9E672E9CE5175,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065361Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.174{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01628_.WMFMD5=42146B49D94FEC0CD9237F6453E5ABAE,SHA256=4BB61B208F21CBE84980EE586511DAF8D984C487ACF75F39E40C1F3376929C8E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065360Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01586_.WMFMD5=6B11A79D775862FF4F08F354C1CF5630,SHA256=32DA3DA60CE67E0B9A7D030BFBE485BEA29FB223FAE332EB5F4454911680051E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065359Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01585_.WMFMD5=DC7A2F58B86889B606D52BDC7A4EDAD7,SHA256=3EF557E2F095D31572D24C13E89C80ED139BF0742105FA45A36BD6AF94FC68A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065358Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01434_.WMFMD5=DBE9A1DF8D5E917716DE8D71152E5E00,SHA256=669CEA4E5CEEF6807A0DE6E63B74B0CEF95BCFA3A7E5CFDC0F3AAB87B459C9BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065357Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01366_.WMFMD5=36EFB85C42A507109567E394BE6A958F,SHA256=16669CE5527EE693A9B878D44A086649A457D51C1F88B4F98AE06545DC2CF0DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065356Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01186_.WMFMD5=5CEDC1D6BA17E5BC76230E47B418BC3A,SHA256=67E1ED2DA1B7FD26BA79368527F20F4BBA1D72174EBEE9814DE9FC9B58151A49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065355Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01183_.WMFMD5=337D1ED78977F9060E144527CC6046B5,SHA256=2B3B9820D0300A2AED32F031081FEFB0EEF9369112AEEC7670B2B0F0FAAC8628,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065354Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01182_.WMFMD5=8B1C0C272BDF785B581A586D1D11A22A,SHA256=7D9ADA18D9274567F02BE738FD105B42CCF3F1FEA3AD2AAB679EE3A2A11EA180,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065353Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01181_.WMFMD5=805840DADF6FB601381046AC937C5544,SHA256=4C63D236A6C327212F4B9A838A74429ABB1E949CBA5C7006DE48A5EF3350CA53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065352Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01180_.WMFMD5=3312807F70A1751FE705F004908636CB,SHA256=6F71103EAC4CBE2B8C200294CAFA1240797A452304F5670F7DC7A32E8C0CB16A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065351Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01179_.WMFMD5=70C8E371EFDAF2975AB7F653242F73A7,SHA256=53DB0815FB2F25A808A4AC528F28FD32379DE73E8FBE3EB41F48A0D03E865F45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065350Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01178_.WMFMD5=373A9DA52116A476CDE87C1A0030D215,SHA256=D3ED28D9AB2D81DF8BB28F91B8705FADEBFE35738657FEA1454AE84BA8A1263B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065349Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01176_.WMFMD5=AE29A32626F90B7C8B396898B59B4E9F,SHA256=435AFBCBA8947437E238D94BB973996C1FBCA94CA59A453C2755A3F0033093AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065348Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01173_.WMFMD5=6AC8AE8BD86CDA0775C3BD93759438A9,SHA256=12B69DABA415C3C2C90A8B7892413575350BC326A37A1A80DA7D5E18FA37443C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065347Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01172_.WMFMD5=CA39D8994F7170E8702EFEE36C088A9B,SHA256=81D24FDB5F9088075B696D8012E441C2359E8F22CE23DDF1C11EF2669A8DE104,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065346Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-E38C-607E-860A-00000000BB01}5624NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D144BB6D60C02AF6D81C37C990D4B11,SHA256=941BF7497ACD8BA8CA1B780FFF6B333487F429CF49009F9E03164FE76F5DC0EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065345Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01171_.WMFMD5=6AB36BDF013C1602A49DFD086EA4498B,SHA256=585B23A9EE96C1730ED9FCA10C11431478897D75A47FB040831E9F792E036083,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065344Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.158{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01170_.WMFMD5=8E4A1C5DB5B450E0365CB725F9A42519,SHA256=6ECC13C39673C8F72678C701B23F322C584BADF4E27E3A5D01FB49F8747D7E5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065343Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01169_.WMFMD5=B7A07F08D323E3F33DCFBF62605BA381,SHA256=B1237D35BB40DC05793C945601640CA89D6D182787EC213E907A6E3BA74DA4AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065342Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01168_.WMFMD5=A48231578A59604EC6588404904BB7C2,SHA256=8E7FFB23B60EDFCCBBADBE7E8B0F292002979A2D7C007BAB543CF60786821F85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065341Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01167_.WMFMD5=6F25B26783C097D5E3F82A05E47F4759,SHA256=F8BFC6E6A577807C703BA8C62EC89900C7886D7F30516F883B17F81763A76DFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065340Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01166_.WMFMD5=8B846110436BD48A71A53CB690E76555,SHA256=A6F46F2F76B9F9FDA730E35C29492BC23857FDAD15C3A26756C69032B88D7B43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065339Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01163_.WMFMD5=BAFD288F41AEE0060CBC37077E718DD9,SHA256=EB4102C7A42E51736DF52CFF679A0B6A24EC074D7E415224626373C1A1ED1386,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065338Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01162_.WMFMD5=0964A67B2552C332BC500D49275B6EA7,SHA256=26299AE5DB740243AAF55FBC973A345FD359C444C14A5FF83455EA0CA1FBE65F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065337Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01160_.WMFMD5=0EDA26930843C106E3A4F1DDAC28F62C,SHA256=E892C9BC7DBD28C5EC9212D623BCADF7BB72BB8C9E95268907DABD2590758DA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065336Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01157_.WMFMD5=C5614C0603163BEFE8C3ADAE36DAE522,SHA256=62AA3E7984D5EB9B5AF7CC1271C2F5B9EAB86A309803C8B212D498201C4A8F41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065335Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01152_.WMFMD5=1F256FF3F379574BEA64477A55A1C141,SHA256=A12D42D51859FF36F1A4D046CF8584FF608404B69609A121C428D018EB91005C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065334Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01151_.WMFMD5=A498092A45B7FCB0347EA5612A9D3735,SHA256=8BE78D21C7EFD85CB99FD36D911E60228603BA2646C8BBD1A8C32C8F274DCC32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065333Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01146_.WMFMD5=8F29A3C315FCF53A3EF31175349C45C1,SHA256=C414B34BF1ACB4BDF7E21BDCFCD838BA949610DB2CAC652094083D804B08FCC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065332Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01145_.WMFMD5=E70C427793DF572655E4966F686ED9CB,SHA256=F030E835FBC23AD1FCFEECC9A212BC3472B82286B9B8D3F08B05254A482031C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065331Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01143_.WMFMD5=70A01497FECEA4A7961B64BB04E8FD30,SHA256=9887154D0A90B2717ECFDBB1C56EFA1989013195CCF574A04D6525BD2077041C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065330Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01140_.WMFMD5=7267E0857A43BB1F12941ED7789EEBB8,SHA256=99B1533D8D7350D36C30228FF4130DB12807B2678A999716570A1C2BBE4C679E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065329Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01139_.WMFMD5=D87C4084B871CCECDB4A514B7FCDA78C,SHA256=C3A97C50236D12BC0AD1F85BD979FE0BCDFCAAF23DB0F735ECEE09ABC85AFE9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065328Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local-2021-04-20 14:55:08.142{A7A01FEF-EAF3-607E-6E0B-00000000BB01}5092NT AUTHORITY\SYSTEMC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exeC:\Program Files\Microsoft Office\Updates\Download\PackageFiles\AD1568BC-E3CA-4B2D-8D14-276D52B3D5B5\root\CLIPART\PUB60COR\DD01138_.WMFMD5=C99DA6C0CABD4724E802A1182288AEDD,SHA256=8B65E5F930C5F3F655E9E16ADD55F2E0442AA5A0FC67EABE13EBA632DA8974A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x800000000000000065327Microsoft-Windows-Sysmon/Operationalwin-dc-339.attackrange.local